[Samba] WinBind does not work well with Rational ClearCase (bugfix atta ched :)

Andrew Bartlett abartlet at pcug.org.au
Sun May 19 19:31:03 GMT 2002

Stephen Jazdzewski wrote:
> >You are accessing clearcase on UNIX right?
> Yes we will be.  But not right now.  Since ClearCase will not support Unix
> clients from a Windows VOB server, we started with a Linux Server even though
> our first clients are all windows.
> >Not through Samba.
> No, we are using Samba in addition to WinBind.  I am fuzzy on why ClearCase
> needs Samba in addition to it's own stuff.  I think that is how the Windows
> View Server talks to the Unix VOB Server.
> >You need winbindd so that Windows domain users can have a UNIX account
> >and access the respoitory on the UNIX server.  Right?
> Yes that is correct.

What type of DC?  ADS or NT4?

> Most sites can control the primary windows group users get for any Domain.  We
> can add users to a clearcase group, but can't make it the user's primary
> group.  clearcase has a patch to get around it under Windows.  They use a
> special environment variable.
> I limited the "winbind primary group" so it would only set the primary group
> if the user is actually a member of the group in the first place.  But this
> can be overridden with the "winbind force primary".  The primary group value
> is a RID and *not* a Unix GID.

Assuming this is a problem only for access *via* samba, and that you
*can* change the windows primary group (I'm not sure this applies in
your case, but I'll detail the solution anyway) we can fix this.

I'm doing some work in HEAD for this kind of thing, and I'll be changing
the code so that the users' Windows primary group (as specified by the
returned NET_USER_INFO3) becomes their unix primary group for Samba's
internal stuff.

Currently we do a getpwnam(), which returnes "Domain Users" for all NT4
based users (or all users for 2.2).  (At least I think we do that for
getpwnam, we certainly do it for getpwent()).

I'll be chaning it so that it simply does a sid->gid on the Users
primary group sid, and uses that.

This will have the same effect as a normal 'force group' directive, but
be 'general' to the problem, rather than a hack workaround...

> I suspect if I use Andrew's suggestion and set g+s on the directories it may
> work, and this has worked for me in the past when using NFS & NIS+.  But one
> of the first questions on the pre-techsupport droid's check list is "type 'id'
> and read me your default user group...".

This should work better with HEAD and an ADS backend.  We don't have to
fudge the primary group in that case.

> This default group thing has *never* been a problem for me under Unix.
> Once I applied the patch, clearcase started working like a charm.
> -Stephen
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba mailing list