[Samba] winbind and bad permissions mapping from NT to Samba

Mon Mar 24 17:55:51 GMT 2003

On Mon, 24 Mar 2003, Mauro Saitta wrote:

> I'm installed Samba 2.2.8 with the intetion of use it as file share for
> a NT Domain.
> I have also an interest to the use of extended ACL so I recompiled the
> kernel (2.4.20) with the acl patch and I added to my system acl, attr,
> e2fsprogs and fileutils packages.

Did you mount the file system with acl suppport?

- John T.

>
> After all I join the samba server into the NT domain:
>
> 	 smbpasswd -j SAMBATEST -r SAMBA-SRV -U Administrator
>
> where SAMBATEST is the NT domain and SAMBA-SRV is the PDC .
>
> Then I configured winbind and pam to permit of use domain user on the
> file sharing system.
>
> So, if I log on to an NT4 workstation with the domain user Mauro which
> is not administrator and I create a file named pippo.txt on the shared
> partition, I observe that its permissions on the NT system are :
> 	      Everyone                   Special Access (RX)*
>               LAB5/Administrators        Special Access (All)*
>               LAB5/Users                 Special Access (All)(All)
> while on SAMBA-SRV if I run the command "ls -la" I observe that th
> epermissions are correct:
> -rwxr--r--    1 SAMBATEST+Mauro SAMBATEST+Domain Users  0 03-21 17:52
> pippo.txt
>
> Why the domain user is not mapped correctly on both the systems?
>
> Below I add my configurations:
>
> 1) smb.conf
>
> [global]
>         workgroup = SAMBATEST
>         netbios name = LAB5
>         server string = Samba Server
>         security = DOMAIN
>         encrypt passwords = Yes
>         hosts equiv = SAMBA-SRV
>         log file = /var/log/samba/log.%m
>         max log size = 50
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         domain admin group = root @sys
>         domain guest group = nobody @gust
>         add user script = /usr/local/samba/bin/adduser -d /dev/null -s
>         /bin/false -M %u        delete user script =
> /usr/local/samba/bin/yserdel %u
>         winbind uid = 10000-20000
>         winbind gid = 10000-20000
>         template shell = /bin/bash
> .
> .
> .
>
> [SHARE1]
>         comment = Risorsa Share
>         path = /opt/share1
>         admin users = root
>         read only = No
>         profile acls = Yes
>
>
> 2) /etc/pam.d/samba
> auth            sufficient      /lib/security/pam_winbind.so
> auth            sufficient      /lib/security/pam_pwdb.so use_first_pass
> shadow nullok
> account         required        /lib/security/pam_winbind.so
>
>
> 3) /etc/nsswitch.conf
>
> passwd:     files winbind
> shadow:     files winbind
> group:      files winbind
>
> hosts:      files nisplus dns wins
>
>
>
> That's all.
>
> Have you got any suggestions on what coud be the problem?
>
> Thanks in advance for any help.
>
> Mauro.
>
>
>

-- 
John H Terpstra
Email: jht at samba.org