[Samba] Winbind and user-mapping

David Edward Shapiro David.Edward.Shapiro at btitele.com
Tue Feb 26 08:50:06 GMT 2002


Okay, you have a default group of 10000.  Create a group in /etc/group
called users with gid of 10000

e.g.,
users::10000:

Change the group of the share to users with chgrp -R users /your/share
chmod to something sane again: chmod -R 775 /your/share

Now, you can use options like write list, inherit permissions, force group,
force create mode, etc. to control how files are created, but at least the
group will adhere to a group on your unix box.  You can use smbgroupedit
with samba 3.0 to assocate your unix group with different NT domains and
vice-versa too.

David


-----Original Message-----
From: Glatzel Tino [mailto:tino.glatzel at badenIT.de]
Sent: Tuesday, February 26, 2002 2:55 AM
To: 'David Edward Shapiro'
Subject: AW: [Samba] Winbind and user-mapping


This is a little part of my output

getent passwd

TEST+TUser1:x:11273:10000:TUser1:/home/STWFR1/tuser1:/bin/bash
TEST+TUser2:x:11274:10000:TUser2:/home/STWFR1/tuser2:/bin/bash
TEST+TUser3:x:11275:10000:TUser3:/home/STWFR1/tuser3:/bin/bash
TEST+TUser4:x:11276:10000:TUser4:/home/STWFR1/tuser4:/bin/bash
TEST+TUser5:x:11277:10000:TUser5:/home/STWFR1/tuser5:/bin/bash

getent group

TEST+Sub-Administrators:x:11097:

Well, that is not very secure, but your user should be able to write/read in
that directory.  What did getent passwd grep return for you?  

-----Original Message-----
From: Glatzel Tino [mailto:tino.glatzel at badenIT.de]
Sent: Monday, February 25, 2002 11:32 AM
To: 'David Edward Shapiro'
Subject: AW: [Samba] Winbind and user-mapping


The permissions are:
drwxrwxrwx    2 root   root        35 Feb 25 17:14 all


>>Do getent passwd | grep -i <windows user>It works. I seetheWindows-Usergetent group -- I see the lokal and NT-GroupsExample: ANT-usercreates a new director. This are thepermissions:drwxrwx---    2nobodynogroup        35 Feb 25 17:14newDirectorywhy?-----UrsprünglicheNachricht-----Von: DavidEdwardShapiro[mailto:David.Edward.Shapiro at btitele.com]Gesendet: Montag,25.Februar 200214:32An: 'Glatzel Tino'Cc: 'samba at listssamba.org'Betreff:RE:[Samba]Winbind and user-mappingWhat are the permissions on thedirectory?Do getent passwd | grep -i <windows user>Note the group number anduserid.That group number/user id need to have permissions to write/read intheallshare.  You can use the "force group ="option to make the creationoffiles get setto its group.  I noted thatdomain users got the gid of 1000,soin/etc/group I made a group calledusers with gid of 1000.  I set forcegroup= users and gave that group theappropriatepermissions.David-----OriginalMessage-----From: GlatzelTino[mailto:tino.glatzel at badenIT.de]Sent: Monday, February 25, 2002 7:28 AM
To: 'samba at lists.samba.org'
Subject: [Samba] Winbind and user-mapping


Winbindd can see the NT-user, but samba can't work with the NT-user.

My System: 	SuSE Linux 7.2 Enterprise Server
		Samba-2.2.3a

I have install samba by the following steps:

1.	./configure --prefix=/opt/samba-2.2.3a --with-winbind
2.	make
3.	make install
4.	cp /tmp/samba-2.2.3a/source/nsswitch/libnss_winbind.so /lib
5.	ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
6.	vi /etc/nsswitch.conf

	passwd: compat winbind
	group:  compat winbind

7.	/sbin/ldconfig -v | grep winbind   --> I can see it!
8.	vi /opt/samba-2.2.3a/lib/smb.conf

	[global]
		workgroup = test
        	netbios name = SAMBA
        	encrypt passwords = yes
        	server string = SAMBA %v
        	load printers = no
        	security = DOMAIN
        	password server = *
        	keepalive = 30
        	winbind uid = 1000-2000
        	winbind gid = 3000-8000
        	winbind enum users = yes
        	winbind enum groups = yes
        	template shell = /bin/bash
        	winbind separator = +
        	winbind cache time = 10

	[all]
        	comment = For all users
        	path = /all
        	guest ok = Yes
        	writeable = Yes
        	create mode = 0770
        	directory mode = 0770
        	browseable = Yes
        	write ok = Yes

9.	smbpasswd -j test -r pdc -U admin  --> It works

And now the Problem:
With /opt/samba-2.2.3a/bin/wbinfo -u, i can see the DOMAIN-USERS
With /opt/samba-2.2.3a/bin/wbinfo -g, i can see the DOMAIN-GROUPS

If a Windows-user creates a file at the "all"-share, the owner of the file
is  nobody and the group is nogroup.
Why ??
What is wrong ??



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba






More information about the samba mailing list