[Samba] Another Winbind question...

dj at 4ict.com dj at 4ict.com
Mon Sep 30 10:51:29 GMT 2002 

Hello Gareth,

See below for my comments.


On Mon, 30 Sep 2002, Gareth Davies wrote:

> Still having problems with Winbind.
>
> I'm using Samba 2.2.5 and Debian 3.0.
>
> It seems to be 95% running now but where the documentation runs out...I
> can't seem to get it working.
>
> Samba is sharing fine, I can get to Public and Temporary shares and share
> the printers (not that I have any).
>
> But when in comes to home directories I can't seem to get it to work ( I am
> planning on using this machine as the main file server for user home
> directories and company shares). It will work if I manually create a user on
> the machine that matches the user in the domain (the old way).
>
> Wbinfo -t tells me my secret is fine, I've joined the domain, I've used
> wbinfo -A Administrator so it always connects with admin, wbinfo -g and
> wbinfo -u return all users and groups correctly and I have no Iptables or
> Ipchains.
>
> Smbstatus returns the following:
> Samba version 2.2.5
> Service      uid      gid      pid     machine
> ----------------------------------------------
> Public       WILLOWBROOK+gdavies WILLOWBROOK+Domain Users   536   it-win2k
> (192.168.2.2) Tue Sep 30 10:50:23 2003
> IPC$         WILLOWBROOK+ADMINISTRATOR WILLOWBROOK+Domain Users   547
> willowbrookli01 (192.168.1.2) Tue Sep 30 10:54:47 2003
> IPC$         nobody   nogroup    536   it-win2k (192.168.2.2) Tue Sep 30
> 10:54:16 2003
> IPC$         WILLOWBROOK+gdavies WILLOWBROOK+Domain Users   536   it-win2k
> (192.168.2.2) Tue Sep 30 10:54:16 2003
>
> Locked files:
> Pid    DenyMode   Access      R/W        Oplock           Name
> --------------------------------------------------------------
> 536    DENY_NONE  0x20089     RDONLY     EXCLUSIVE+BATCH
> /public/smbstatus.txt   Tue Sep 30 10:54:40 2003
>
> Which seems to me as though it's recognising the users.
>
> When I do getent passwd and getent groups it's my understanding that the
> home directories should be created with the correct permissions.

Here you are wrong. It is your task to create the home directories
yourself. Winbind creates a second passwd and group file (sort of
speaking) and you can see the result of that with the getent command.

But the local things related to accounts (home dirs, quotas, ...) are not
done by winbind and therefore have to be done by you.

> I have su'ed to my username WILLOWBROOK+gdavies on the linux machine and
> created my home directory and I can now see it but when trying to connect it
> prompts for a password which it always rejects. I think this server event is
> related:
>
> Service Ticket Request Failed:
> User Name: IT-WIN2K$
> User Domain: WILLOWBROOK.LOCAL
> Service Name: HOST/IT-DEBIAN
> Ticket Options: 0x40810010
> Failure Code: 0x7
> Client Address: 192.168.2.2
>
> IT-Win2k is my machine and IT-Debian is the SAMBA machine.
>
> Do I need to manually create the homedirs? If so how?

I've created a howto that explains a simular setup as your and includes a
way to auto create home dirs for users using pam.

You can find this howto at :

http://www.sin.khk.be/~dj/

> Here is my smb.conf:
>
> workgroup = WILLOWBROOK
> hosts allow = 192.168.0.0/255.255.0.0 127.0.0.1
> security = domain
> wins server = 192.168.1.2
> password server = WILLOWBROOK01
>
> winbind uid = 10000-65000
> winbind gid = 10000-65000
> template homedir = /home/%D/%U
> template shell = /bin/sh
> winbind separator = +
> winbind enum users = yes
> winbind enum groups = yes
> add user script = /usr/sbin/useradd -d /home/%D/%U -s /bin/false -M %U

I can already comment that when using winbind you can best remove this
line since winbind will create the users. But see my howto for a full
smb.conf.

> [homes]
>      comment = Home Directories
>      browseable = no
>      writable = yes
>      valid users = %S
>      create mode = 0664

Kind regards,
Tim Verhoeven

-- 
===========================================================================
Tim Verhoeven
                                Linux & Open Source Specialist
GSM : 0496 / 693 453                          + e-business solutions
Email : dj at 4ict.com                           + consulting
URL : www.sin.khk.be/~dj/                     + Server consolidation
===========================================================================

More information about the samba mailing list