[Samba] Winbind and user-mapping

David Edward Shapiro David.Edward.Shapiro at btitele.com
Tue Feb 26 05:20:17 GMT 2002

Hay gang,

It is interesting to note that on solaris, getent passwd does not return the
clean output that Glatzel Tino got.  Here are lines I get from solaris 2.8
running samba 3.0alpha15:


Note the x,eryB, for example, instead of just x...


-----Original Message-----
From: Glatzel Tino [mailto:tino.glatzel at badenIT.de]
Sent: Tuesday, February 26, 2002 2:55 AM
To: 'David Edward Shapiro'
Subject: AW: [Samba] Winbind and user-mapping

This is a little part of my output

getent passwd


getent group


Well, that is not very secure, but your user should be able to write/read in
that directory.  What did getent passwd grep return for you?  

-----Original Message-----
From: Glatzel Tino [mailto:tino.glatzel at badenIT.de]
Sent: Monday, February 25, 2002 11:32 AM
To: 'David Edward Shapiro'
Subject: AW: [Samba] Winbind and user-mapping

The permissions are:
drwxrwxrwx    2 root   root        35 Feb 25 17:14 all

>>Do getent passwd | grep -i <windows user>It works. I seetheWindows-Usergetent group -- I see the lokal and NT-GroupsExample: ANT-usercreates a new director. This are thepermissions:drwxrwx---    2nobodynogroup        35 Feb 25 17:14newDirectorywhy?-----UrsprünglicheNachricht-----Von: DavidEdwardShapiro[mailto:David.Edward.Shapiro at btitele.com]Gesendet: Montag,25.Februar 200214:32An: 'Glatzel Tino'Cc: 'samba at listssamba.org'Betreff:RE:[Samba]Winbind and user-mappingWhat are the permissions on thedirectory?Do getent passwd | grep -i <windows user>Note the group number anduserid.That group number/user id need to have permissions to write/read intheallshare.  You can use the "force group ="option to make the creationoffiles get setto its group.  I noted thatdomain users got the gid of 1000,soin/etc/group I made a group calledusers with gid of 1000.  I set forcegroup= users and gave that group theappropriatepermissions.David-----OriginalMessage-----From: GlatzelTino[mailto:tino.glatzel at badenIT.de]Sent: Monday, February 25, 2002 7:28 AM
To: 'samba at lists.samba.org'
Subject: [Samba] Winbind and user-mapping

Winbindd can see the NT-user, but samba can't work with the NT-user.

My System: 	SuSE Linux 7.2 Enterprise Server

I have install samba by the following steps:

1.	./configure --prefix=/opt/samba-2.2.3a --with-winbind
2.	make
3.	make install
4.	cp /tmp/samba-2.2.3a/source/nsswitch/libnss_winbind.so /lib
5.	ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
6.	vi /etc/nsswitch.conf

	passwd: compat winbind
	group:  compat winbind

7.	/sbin/ldconfig -v | grep winbind   --> I can see it!
8.	vi /opt/samba-2.2.3a/lib/smb.conf

		workgroup = test
        	netbios name = SAMBA
        	encrypt passwords = yes
        	server string = SAMBA %v
        	load printers = no
        	security = DOMAIN
        	password server = *
        	keepalive = 30
        	winbind uid = 1000-2000
        	winbind gid = 3000-8000
        	winbind enum users = yes
        	winbind enum groups = yes
        	template shell = /bin/bash
        	winbind separator = +
        	winbind cache time = 10

        	comment = For all users
        	path = /all
        	guest ok = Yes
        	writeable = Yes
        	create mode = 0770
        	directory mode = 0770
        	browseable = Yes
        	write ok = Yes

9.	smbpasswd -j test -r pdc -U admin  --> It works

And now the Problem:
With /opt/samba-2.2.3a/bin/wbinfo -u, i can see the DOMAIN-USERS
With /opt/samba-2.2.3a/bin/wbinfo -g, i can see the DOMAIN-GROUPS

If a Windows-user creates a file at the "all"-share, the owner of the file
is  nobody and the group is nogroup.
Why ??
What is wrong ??

To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list