[Samba] Winbind and user-mapping
David Edward Shapiro
David.Edward.Shapiro at btitele.com
Tue Feb 26 08:50:06 GMT 2002
Okay, you have a default group of 10000. Create a group in /etc/group
called users with gid of 10000
e.g.,
users::10000:
Change the group of the share to users with chgrp -R users /your/share
chmod to something sane again: chmod -R 775 /your/share
Now, you can use options like write list, inherit permissions, force group,
force create mode, etc. to control how files are created, but at least the
group will adhere to a group on your unix box. You can use smbgroupedit
with samba 3.0 to assocate your unix group with different NT domains and
vice-versa too.
David
-----Original Message-----
From: Glatzel Tino [mailto:tino.glatzel at badenIT.de]
Sent: Tuesday, February 26, 2002 2:55 AM
To: 'David Edward Shapiro'
Subject: AW: [Samba] Winbind and user-mapping
This is a little part of my output
getent passwd
TEST+TUser1:x:11273:10000:TUser1:/home/STWFR1/tuser1:/bin/bash
TEST+TUser2:x:11274:10000:TUser2:/home/STWFR1/tuser2:/bin/bash
TEST+TUser3:x:11275:10000:TUser3:/home/STWFR1/tuser3:/bin/bash
TEST+TUser4:x:11276:10000:TUser4:/home/STWFR1/tuser4:/bin/bash
TEST+TUser5:x:11277:10000:TUser5:/home/STWFR1/tuser5:/bin/bash
getent group
TEST+Sub-Administrators:x:11097:
Well, that is not very secure, but your user should be able to write/read in
that directory. What did getent passwd grep return for you?
-----Original Message-----
From: Glatzel Tino [mailto:tino.glatzel at badenIT.de]
Sent: Monday, February 25, 2002 11:32 AM
To: 'David Edward Shapiro'
Subject: AW: [Samba] Winbind and user-mapping
The permissions are:
drwxrwxrwx 2 root root 35 Feb 25 17:14 all
>>Do getent passwd | grep -i <windows user>It works. I seetheWindows-Usergetent group -- I see the lokal and NT-GroupsExample: ANT-usercreates a new director. This are thepermissions:drwxrwx--- 2nobodynogroup 35 Feb 25 17:14newDirectorywhy?-----UrsprünglicheNachricht-----Von: DavidEdwardShapiro[mailto:David.Edward.Shapiro at btitele.com]Gesendet: Montag,25.Februar 200214:32An: 'Glatzel Tino'Cc: 'samba at listssamba.org'Betreff:RE:[Samba]Winbind and user-mappingWhat are the permissions on thedirectory?Do getent passwd | grep -i <windows user>Note the group number anduserid.That group number/user id need to have permissions to write/read intheallshare. You can use the "force group ="option to make the creationoffiles get setto its group. I noted thatdomain users got the gid of 1000,soin/etc/group I made a group calledusers with gid of 1000. I set forcegroup= users and gave that group theappropriatepermissions.David-----OriginalMessage-----From: GlatzelTino[mailto:tino.glatzel at badenIT.de]Sent: Monday, February 25, 2002 7:28 AM
To: 'samba at lists.samba.org'
Subject: [Samba] Winbind and user-mapping
Winbindd can see the NT-user, but samba can't work with the NT-user.
My System: SuSE Linux 7.2 Enterprise Server
Samba-2.2.3a
I have install samba by the following steps:
1. ./configure --prefix=/opt/samba-2.2.3a --with-winbind
2. make
3. make install
4. cp /tmp/samba-2.2.3a/source/nsswitch/libnss_winbind.so /lib
5. ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
6. vi /etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
7. /sbin/ldconfig -v | grep winbind --> I can see it!
8. vi /opt/samba-2.2.3a/lib/smb.conf
[global]
workgroup = test
netbios name = SAMBA
encrypt passwords = yes
server string = SAMBA %v
load printers = no
security = DOMAIN
password server = *
keepalive = 30
winbind uid = 1000-2000
winbind gid = 3000-8000
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
winbind separator = +
winbind cache time = 10
[all]
comment = For all users
path = /all
guest ok = Yes
writeable = Yes
create mode = 0770
directory mode = 0770
browseable = Yes
write ok = Yes
9. smbpasswd -j test -r pdc -U admin --> It works
And now the Problem:
With /opt/samba-2.2.3a/bin/wbinfo -u, i can see the DOMAIN-USERS
With /opt/samba-2.2.3a/bin/wbinfo -g, i can see the DOMAIN-GROUPS
If a Windows-user creates a file at the "all"-share, the owner of the file
is nobody and the group is nogroup.
Why ??
What is wrong ??
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list