[Samba] winbind and bad permissions mapping from NT to Samba

Mauro Saitta mauro.saitta at opentex.it
Mon Mar 24 16:49:41 GMT 2003

I installed Samba 2.2.8 with the intention of using it as a file share
for an NT domain.
I also have an interest in the use of extended ACLs, so I recompiled the
kernel (2.4.20) with the acl patch and added the acl, attr, e2fsprogs
and fileutils packages to my system.

After that I joined the Samba server to the NT domain:

	 smbpasswd -j SAMBATEST -r SAMBA-SRV -U Administrator

where SAMBATEST is the NT domain and SAMBA-SRV is the PDC.

Then I configured winbind and PAM to permit the use of domain users on
the file sharing system.

So, if I log on to an NT4 workstation with the domain user Mauro which
is not administrator and I create a file named pippo.txt on the shared
partition, I observe that its permissions on the NT system are:
        Everyone                   Special Access (RX)*
        LAB5/Administrators        Special Access (All)*
        LAB5/Users                 Special Access (All)(All)
while on SAMBA-SRV, if I run the command "ls -la", I observe that the
permissions are correct:
-rwxr--r--    1 SAMBATEST+Mauro SAMBATEST+Domain Users  0 03-21 17:52

Why is the domain user not mapped correctly on both systems?

Below I add my configurations:

1) smb.conf

        workgroup = SAMBATEST
        netbios name = LAB5
        server string = Samba Server
        security = DOMAIN
        encrypt passwords = Yes
        hosts equiv = SAMBA-SRV
        log file = /var/log/samba/log.%m
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        domain admin group = root @sys
        domain guest group = nobody @gust
        add user script = /usr/local/samba/bin/adduser -d /dev/null -s /bin/false -M %u
        delete user script = /usr/local/samba/bin/yserdel %u
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        template shell = /bin/bash

        comment = Risorsa Share
        path = /opt/share1
        admin users = root
        read only = No
        profile acls = Yes

2) /etc/pam.d/samba
auth            sufficient      /lib/security/pam_winbind.so
auth            sufficient      /lib/security/pam_pwdb.so use_first_pass shadow nullok
account         required        /lib/security/pam_winbind.so

3) /etc/nsswitch.conf

passwd:     files winbind
shadow:     files winbind
group:      files winbind

hosts:      files nisplus dns wins

That's all.

Have you got any suggestions on what could be the problem?

Thanks in advance for any help.


