[Samba] winbind problem with existing linux user accounts. (S amba 2.2.3a)

Matthews, John JMatthews at LIO.AACISD.com
Tue Feb 26 10:32:06 GMT 2002

Thank you for your reply.  
Below are the entries for winbind I have in my smb.conf.  Do you see any
problems with them?

# separate domain and username with '+', like DOMAIN+username
winbind separator = +
# use uids from 10000 to 20000 for domain users
winbind uid = 10000-20000
# user gids from 10000 to 20000 for domain groups
winbind gid = 10000-20000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
# give winbind users a real shell (only needed if they have telnet access)
template shell = /bin/bash
template homedir = /home/%U

In addition this is what I currently have for my pam.d/samba file:

auth 		sufficient	/lib/security/pam_winbind.so
auth		required	/lib/security/pam_stack.so
auth		required	/lib/security/pam_stack.so
service=system-auth use_first_pass
account	required	/lib/security/pam_stack.so service=system-auth 

Would you mind recommending what other courses of action I should pursue?  

	Thanks in advance,
	John Matthews

-----Original Message-----
From: Ariel Mella [mailto:samba at nebula-sa.com.ar]
Sent: Tuesday, February 26, 2002 12:47 PM
To: Matthews, John; samba at lists.samba.org
Subject: Re: [Samba] winbind problem with existing linux user accounts.
(Samba 2.2.3a)


In your smb.conf you have to put somewhere whats uids winbind can take off.
winbind uid = 10000-20000
winbind gid = 10000-20000
this maps each ad or pdc account to a valid unix id.
this means that the user "fred" you are mentioning have already a uid in the
linux+winbind box.
but if you already have a "fred" account in the linux box and a "fred"
account in the ad or pdc and winbind is running the results is a unix
account and ad or pdc account that ar equal in name "fred" but different
i think that this is your problem.

> Hello,
> I'm experiencing a frustrating problem configuring winbind and Samba
> 2.2.3a on a Red Hat Linux 7.2 server.  I would appreciate ANY help and/or
> advice.  I have read the documentation which comes with the samba source,
> but I'm still having problems. I can successfully see the Windows
> Users/Groups through Linux, using "wbinfo -u", "wbinfo -g", "getent
> and "getent group".  I think my problem might be related to the
> file, but I'm not sure how to fix it.
> Configuration: Red Hat Linux 7.2, Samba 2.2.3a with winbind. Primary
> Domain Controller is a Windows 2000 machine.
> Here's my problem:
> A user "fred" logs into his Windows 2000 PC, and attempts to access
> through Samba his /home/fred directory.
> 1. If "fred" is a normal linux user, and has an entry in
> /etc/passwd AND winbind is loaded then I receive an error  "The network
> cannot be found.".  Samba seems able to determine that "fred" is a linux
> user and shows the corresponding [homes] directory, I'm just not able to
> access the home directory.  I was thinking that this might be related to
> UID's being different between the linux account of "fred" and the windbind
> account "domain+fred".
> 2. If "fred" does the same thing as above, but this time
> winbind isn't loaded (I need to restart smb after killing the winbind
> process) then everything works as I want.  The problem is that now with
> winbind not loaded, Windows Users who don't have a Linux account are
> to access most of the Linux shares.
> I'm hoping there's a way to fix this.  Ideally I'd like to allow
> everyone to access the Samba share on the linux server, if a user has a
> linux account then in addition I'd like their linux home directory to be
> displayed as well.
> Thanks in advance for help,
> John Matthews
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list