[Samba] winbind problem with existing linux user accounts. (Samba 2.2.3a)

Noel Kelly nkelly at tarsus.co.uk
Wed Feb 27 08:40:05 GMT 2002


John,

Maybe I am still off your track here, but I think what you need is the PAM
module for Samba.  This allows you to use winbind for authentication to both
the local machine and via the network. Have a look at Chapter 3 in the Samba
Proj Doc.

Noel

-----Original Message-----
From: Matthews, John [mailto:JMatthews at LIO.AACISD.com]
Sent: 26 February 2002 20:15
To: 'Noel Kelly'
Cc: 'samba at lists.samba.org'
Subject: RE: [Samba] winbind problem with existing linux user accounts. (Samba 2.2.3a)


Hi Noel,

	Sorry I didn't explain my problem better. 

	The user "fred" is a linux user, who does most of their work in
linux.  I'd like to have their /home/fred directory available for browsing
when they are working in windows, which happens once in a while.   My
understanding of winbind is pretty shaky, but I was under the impression
that when "fred" is logged onto windows and accesses their home directory
through SAMBA, winbind would kick in and name them "domain+fred" and then
assign them a different UID than the user "fred" normally has.   I'd like to
avoid changing the owner of /home/fred to "domain+fred", because then I
would prohibit "fred" from working in their normal linux environment.  

	Ideally I'd like some way to tell winbind to not do anything if an
entry for that user name exists in passwd.  Maybe I'm going in the wrong
direction in using winbind.  Would it be possible to set up Samba so that it
would authenticate already existing entries in the passwd file with the
user's NT password, and then map all users without passwd entries to a
generic user account with read only permission?  I was looking for a way to
allow users with a linux account to keep two separate passwords, a linux
password and windows password.  Then when the user is in windows they could
access their files through Samba using the windows password.


	Thank you for taking the time to answer,
	John 



-----Original Message-----
From: Noel Kelly [mailto:nkelly at tarsus.co.uk]
Sent: Tuesday, February 26, 2002 2:33 PM
To: 'Matthews, John'; 'Ariel Mella'
Cc: samba at lists.samba.org
Subject: RE: [Samba] winbind problem with existing linux user accounts. (Samba 2.2.3a)


John,

Just a quick idea - is this not a permissions thing?  Surely the owner of
/home/fred should be domain+fred - try a 'chown domain+fred.domain+fred
/etc/home/fred' and see if that helps. With winbind running the network user
will be domain+fred and the right permissions are in place.

Noel

-----Original Message-----
From: Matthews, John [mailto:JMatthews at LIO.AACISD.com]
Sent: 26 February 2002 18:32
To: 'Ariel Mella'
Cc: samba at lists.samba.org
Subject: RE: [Samba] winbind problem with existing linux user accounts. (Samba 2.2.3a)


Thank you for your reply.  
Below are the entries for winbind I have in my smb.conf.  Do you see any
problems with them?

# separate domain and username with '+', like DOMAIN+username
winbind separator = +
# use uids from 10000 to 20000 for domain users
winbind uid = 10000-20000
# use gids from 10000 to 20000 for domain groups
winbind gid = 10000-20000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
# give winbind users a real shell (only needed if they have telnet access)
template shell = /bin/bash
template homedir = /home/%U


In addition this is what I currently have for my pam.d/samba file:

auth		sufficient	/lib/security/pam_winbind.so
auth		required	/lib/security/pam_stack.so service=system-auth
auth		required	/lib/security/pam_stack.so service=system-auth use_first_pass
account	required	/lib/security/pam_stack.so service=system-auth

Would you mind recommending what other courses of action I should pursue?  

	Thanks in advance,
	John Matthews

-----Original Message-----
From: Ariel Mella [mailto:samba at nebula-sa.com.ar]
Sent: Tuesday, February 26, 2002 12:47 PM
To: Matthews, John; samba at lists.samba.org
Subject: Re: [Samba] winbind problem with existing linux user accounts.
(Samba 2.2.3a)


Matthews:

In your smb.conf you have to put somewhere which uids winbind can take.
[global]
winbind uid = 10000-20000
winbind gid = 10000-20000
This maps each AD or PDC account to a valid unix id.
This means that the user "fred" you are mentioning already has a uid in the
linux+winbind box.
But if you already have a "fred" account in the linux box and a "fred"
account in the AD or PDC and winbind is running, the result is a unix
account and an AD or PDC account that are equal in name "fred" but different
in uid.
I think that this is your problem.

> Hello,
>
> I'm experiencing a frustrating problem configuring winbind and Samba
> 2.2.3a on a Red Hat Linux 7.2 server.  I would appreciate ANY help and/or
> advice.  I have read the documentation which comes with the samba source,
> but I'm still having problems. I can successfully see the Windows
> Users/Groups through Linux, using "wbinfo -u", "wbinfo -g", "getent passwd",
> and "getent group".  I think my problem might be related to the pam.d/samba
> file, but I'm not sure how to fix it.
>
> Configuration: Red Hat Linux 7.2, Samba 2.2.3a with winbind. Primary
> Domain Controller is a Windows 2000 machine.
> Here's my problem:
>
> A user "fred" logs into his Windows 2000 PC, and attempts to access
> through Samba his /home/fred directory.
> 1. If "fred" is a normal linux user, and has an entry in
> /etc/passwd AND winbind is loaded then I receive an error  "The network name
> cannot be found.".  Samba seems able to determine that "fred" is a linux
> user and shows the corresponding [homes] directory, I'm just not able to
> access the home directory.  I was thinking that this might be related to the
> UID's being different between the linux account of "fred" and the winbind
> account "domain+fred".
> 2. If "fred" does the same thing as above, but this time
> winbind isn't loaded (I need to restart smb after killing the winbind
> process) then everything works as I want.  The problem is that now with
> winbind not loaded, Windows Users who don't have a Linux account are unable
> to access most of the Linux shares.
>
> I'm hoping there's a way to fix this.  Ideally I'd like to allow
> everyone to access the Samba share on the linux server, if a user has a
> linux account then in addition I'd like their linux home directory to be
> displayed as well.
>
> Thanks in advance for help,
> John Matthews
>
>
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
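
Added example, not part of the original thread or of Samba: a Python check for the situation discussed above, where a local account and a winbind-mapped DOMAIN+user share a name but not a UID. It reads `getent passwd`-style text; the sample accounts, the DOMAIN name and all UIDs are constructed, the function names are hypothetical, and the defaults mirror the separator and uid range from the posted smb.conf. It also reports local UIDs that fall inside the winbind range.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "name uid")

# Constructed sample in `getent passwd` format; DOMAIN and all UIDs are made up.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
fred:x:501:501:Fred:/home/fred:/bin/bash
backup:x:10050:100:Backup:/var/backup:/bin/sh
DOMAIN+Fred:x:10003:10000::/home/Fred:/bin/bash
DOMAIN+alice:x:10004:10000::/home/alice:/bin/bash
"""

def parse_passwd(text):
    """Parse passwd-format lines, skipping blank and malformed rows."""
    entries = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        entries.append(Entry(fields[0], int(fields[2])))
    return entries

def audit(entries, separator="+", uid_range=(10000, 20000)):
    """Return (collisions, overlaps) for the given winbind settings."""
    lo, hi = uid_range
    local = [e for e in entries if separator not in e.name]
    domain = [e for e in entries if separator in e.name]
    # Windows account names are case-insensitive, so compare lowercased.
    by_name = {e.name.lower(): e for e in local}
    collisions = []
    for d in domain:
        bare = d.name.split(separator, 1)[1].lower()
        twin = by_name.get(bare)
        # Same name, different UID: files owned by one are not owned by the other.
        if twin is not None and twin.uid != d.uid:
            collisions.append((twin.name, twin.uid, d.name, d.uid))
    # Local UIDs inside the winbind range can clash with winbind-allocated ones.
    overlaps = [(e.name, e.uid) for e in local if lo <= e.uid <= hi]
    return collisions, overlaps

if __name__ == "__main__":
    collisions, overlaps = audit(parse_passwd(SAMPLE))
    for lname, luid, dname, duid in collisions:
        print(f"{lname} (uid {luid}) and {dname} (uid {duid}) are different owners")
    for name, uid in overlaps:
        print(f"local account {name} (uid {uid}) lies inside the winbind uid range")
```

On a live host the input would be the output of "getent passwd" with winbind running.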
