[Samba] winbind and bad permissions mapping from NT to Samba

Mauro Saitta mauro.saitta at opentex.it
Mon Mar 24 16:49:41 GMT 2003


I installed Samba 2.2.8 with the intention of using it as a file share for
an NT domain.
I am also interested in using extended ACLs, so I recompiled the
kernel (2.4.20) with the acl patch and added the acl, attr,
e2fsprogs and fileutils packages to my system.

After that, I joined the Samba server to the NT domain:

	 smbpasswd -j SAMBATEST -r SAMBA-SRV -U Administrator

where SAMBATEST is the NT domain and SAMBA-SRV is the PDC.

Then I configured winbind and PAM to permit the use of domain users on the
file sharing system.

So, if I log on to an NT4 workstation with the domain user Mauro, who
is not an administrator, and I create a file named pippo.txt on the shared
partition, I observe that its permissions on the NT system are:
              Everyone                   Special Access (RX)*
              LAB5/Administrators        Special Access (All)*
              LAB5/Users                 Special Access (All)(All)
while on SAMBA-SRV, if I run the command "ls -la", I observe that the
permissions are correct:
-rwxr--r--    1 SAMBATEST+Mauro SAMBATEST+Domain Users  0 03-21 17:52 pippo.txt

Why is the domain user not mapped correctly on both systems?

Below I add my configurations:

1) smb.conf

[global]
        workgroup = SAMBATEST
        netbios name = LAB5
        server string = Samba Server
        security = DOMAIN
        encrypt passwords = Yes
        hosts equiv = SAMBA-SRV
        log file = /var/log/samba/log.%m
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        domain admin group = root @sys
        domain guest group = nobody @gust
        add user script = /usr/local/samba/bin/adduser -d /dev/null -s /bin/false -M %u
        delete user script = /usr/local/samba/bin/yserdel %u
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        template shell = /bin/bash
.
.
.

[SHARE1]
        comment = Risorsa Share
        path = /opt/share1
        admin users = root
        read only = No
        profile acls = Yes


2) /etc/pam.d/samba
auth            sufficient      /lib/security/pam_winbind.so
auth            sufficient      /lib/security/pam_pwdb.so use_first_pass shadow nullok
account         required        /lib/security/pam_winbind.so


3) /etc/nsswitch.conf

passwd:     files winbind
shadow:     files winbind
group:      files winbind

hosts:      files nisplus dns wins



That's all.

Have you got any suggestions on what could be the problem?

Thanks in advance for any help.

Mauro.



