[Samba] winbind problem with existing linux user accounts. (S amba 2.2.3a)

Noel Kelly nkelly at tarsus.co.uk
Tue Feb 26 11:40:06 GMT 2002 

John,

Just a quick idea - is this not a permissions thing ?  Surely the owner of
/home/fred should be domain+fred - try a 'chown domain+fred.domain+fred
/etc/home/fred' and see if that helps. With winbind running the network user
will be domain+fred and the right permissions are in place.

Noel

-----Original Message-----
From: Matthews, John [mailto:JMatthews at LIO.AACISD.com]
Sent: 26 February 2002 18:32
To: 'Ariel Mella'
Cc: samba at lists.samba.org
Subject: RE: [Samba] winbind problem with existing linux user accounts.
(S amba 2.2.3a)


Thank you for your reply.  
Below are the entries for winbind I have in my smb.conf.  Do you see any
problems with them?

# separate domain and username with '+', like DOMAIN+username
winbind separator = +
# use uids from 10000 to 20000 for domain users
winbind uid = 10000-20000
# user gids from 10000 to 20000 for domain groups
winbind gid = 10000-20000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
# give winbind users a real shell (only needed if they have telnet access)
template shell = /bin/bash
template homedir = /home/%U


In addition this is what I currently have for my pam.d/samba file:

auth 		sufficient	/lib/security/pam_winbind.so
auth		required	/lib/security/pam_stack.so
service=system-auth
auth		required	/lib/security/pam_stack.so
service=system-auth use_first_pass
account	required	/lib/security/pam_stack.so service=system-auth 

Would you mind recommending what other courses of action I should pursue?  

	Thanks in advance,
	John Matthews

-----Original Message-----
From: Ariel Mella [mailto:samba at nebula-sa.com.ar]
Sent: Tuesday, February 26, 2002 12:47 PM
To: Matthews, John; samba at lists.samba.org
Subject: Re: [Samba] winbind problem with existing linux user accounts.
(Samba 2.2.3a)


Mathews:

In your smb.conf you have to put somewhere whats uids winbind can take off.
[global]
winbind uid = 10000-20000
winbind gid = 10000-20000
this maps each ad or pdc account to a valid unix id.
this means that the user "fred" you are mentioning have already a uid in the
linux+winbind box.
but if you already have a "fred" account in the linux box and a "fred"
account in the ad or pdc and winbind is running the results is a unix
account and ad or pdc account that ar equal in name "fred" but different
uid.
i think that this is your problem.

> Hello,
>
> I'm experiencing a frustrating problem configuring winbind and Samba
> 2.2.3a on a Red Hat Linux 7.2 server.  I would appreciate ANY help and/or
> advice.  I have read the documentation which comes with the samba source,
> but I'm still having problems. I can successfully see the Windows
> Users/Groups through Linux, using "wbinfo -u", "wbinfo -g", "getent
passwd",
> and "getent group".  I think my problem might be related to the
pam.d/samba
> file, but I'm not sure how to fix it.
>
> Configuration: Red Hat Linux 7.2, Samba 2.2.3a with winbind. Primary
> Domain Controller is a Windows 2000 machine.
> Here's my problem:
>
> A user "fred" logs into his Windows 2000 PC, and attempts to access
> through Samba his /home/fred directory.
> 1. If "fred" is a normal linux user, and has an entry in
> /etc/passwd AND winbind is loaded then I receive an error  "The network
name
> cannot be found.".  Samba seems able to determine that "fred" is a linux
> user and shows the corresponding [homes] directory, I'm just not able to
> access the home directory.  I was thinking that this might be related to
the
> UID's being different between the linux account of "fred" and the windbind
> account "domain+fred".
> 2. If "fred" does the same thing as above, but this time
> winbind isn't loaded (I need to restart smb after killing the winbind
> process) then everything works as I want.  The problem is that now with
> winbind not loaded, Windows Users who don't have a Linux account are
unable
> to access most of the Linux shares.
>
> I'm hoping there's a way to fix this.  Ideally I'd like to allow
> everyone to access the Samba share on the linux server, if a user has a
> linux account then in addition I'd like their linux home directory to be
> displayed as well.
>
> Thanks in advance for help,
> John Matthews
>
>
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list