[Samba] Winbind and user-mapping

David Edward Shapiro David.Edward.Shapiro at btitele.com
Tue Feb 26 05:20:17 GMT 2002


Hay gang,

It is interesting to note that on solaris, getent passwd does not return the
clean output that Glatzel Tino got.  Here are lines I get from solaris 2.8
running samba 3.0alpha15:

INS+Yummie:x,2:11257:1000:Yummie
bunny:/export/home/winnt/INS/yummie:/bin/false
INS+Yuasso:x,ndaW:11258:1000:Yuasso:/export/home/winnt/INS/yuasso:/bin/false
INS+Zanadu:x,eryB:11259:1000:Zanadu
babe:/export/home/winnt/INS/zanadu:/bin/false

Note the x,eryB, for example, instead of just x...

David


-----Original Message-----
From: Glatzel Tino [mailto:tino.glatzel at badenIT.de]
Sent: Tuesday, February 26, 2002 2:55 AM
To: 'David Edward Shapiro'
Subject: AW: [Samba] Winbind and user-mapping


This is a little part of my output

getent passwd

TEST+TUser1:x:11273:10000:TUser1:/home/STWFR1/tuser1:/bin/bash
TEST+TUser2:x:11274:10000:TUser2:/home/STWFR1/tuser2:/bin/bash
TEST+TUser3:x:11275:10000:TUser3:/home/STWFR1/tuser3:/bin/bash
TEST+TUser4:x:11276:10000:TUser4:/home/STWFR1/tuser4:/bin/bash
TEST+TUser5:x:11277:10000:TUser5:/home/STWFR1/tuser5:/bin/bash

getent group

TEST+Sub-Administrators:x:11097:

Well, that is not very secure, but your user should be able to write/read in
that directory.  What did getent passwd grep return for you?  

-----Original Message-----
From: Glatzel Tino [mailto:tino.glatzel at badenIT.de]
Sent: Monday, February 25, 2002 11:32 AM
To: 'David Edward Shapiro'
Subject: AW: [Samba] Winbind and user-mapping


The permissions are:
drwxrwxrwx    2 root   root        35 Feb 25 17:14 all


>>Do getent passwd | grep -i <windows user>It works. I seetheWindows-Usergetent group -- I see the lokal and NT-GroupsExample: ANT-usercreates a new director. This are thepermissions:drwxrwx---    2nobodynogroup        35 Feb 25 17:14newDirectorywhy?-----UrsprünglicheNachricht-----Von: DavidEdwardShapiro[mailto:David.Edward.Shapiro at btitele.com]Gesendet: Montag,25.Februar 200214:32An: 'Glatzel Tino'Cc: 'samba at listssamba.org'Betreff:RE:[Samba]Winbind and user-mappingWhat are the permissions on thedirectory?Do getent passwd | grep -i <windows user>Note the group number anduserid.That group number/user id need to have permissions to write/read intheallshare.  You can use the "force group ="option to make the creationoffiles get setto its group.  I noted thatdomain users got the gid of 1000,soin/etc/group I made a group calledusers with gid of 1000.  I set forcegroup= users and gave that group theappropriatepermissions.David-----OriginalMessage-----From: GlatzelTino[mailto:tino.glatzel at badenIT.de]Sent: Monday, February 25, 2002 7:28 AM
To: 'samba at lists.samba.org'
Subject: [Samba] Winbind and user-mapping


Winbindd can see the NT-user, but samba can't work with the NT-user.

My System: 	SuSE Linux 7.2 Enterprise Server
		Samba-2.2.3a

I have install samba by the following steps:

1.	./configure --prefix=/opt/samba-2.2.3a --with-winbind
2.	make
3.	make install
4.	cp /tmp/samba-2.2.3a/source/nsswitch/libnss_winbind.so /lib
5.	ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
6.	vi /etc/nsswitch.conf

	passwd: compat winbind
	group:  compat winbind

7.	/sbin/ldconfig -v | grep winbind   --> I can see it!
8.	vi /opt/samba-2.2.3a/lib/smb.conf

	[global]
		workgroup = test
        	netbios name = SAMBA
        	encrypt passwords = yes
        	server string = SAMBA %v
        	load printers = no
        	security = DOMAIN
        	password server = *
        	keepalive = 30
        	winbind uid = 1000-2000
        	winbind gid = 3000-8000
        	winbind enum users = yes
        	winbind enum groups = yes
        	template shell = /bin/bash
        	winbind separator = +
        	winbind cache time = 10

	[all]
        	comment = For all users
        	path = /all
        	guest ok = Yes
        	writeable = Yes
        	create mode = 0770
        	directory mode = 0770
        	browseable = Yes
        	write ok = Yes

9.	smbpasswd -j test -r pdc -U admin  --> It works

And now the Problem:
With /opt/samba-2.2.3a/bin/wbinfo -u, i can see the DOMAIN-USERS
With /opt/samba-2.2.3a/bin/wbinfo -g, i can see the DOMAIN-GROUPS

If a Windows-user creates a file at the "all"-share, the owner of the file
is  nobody and the group is nogroup.
Why ??
What is wrong ??



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba






More information about the samba mailing list