[Samba] winbind and bad permissions mapping from NT to Samba
John H Terpstra
jht at samba.org
Mon Mar 24 17:55:51 GMT 2003
On Mon, 24 Mar 2003, Mauro Saitta wrote:
> I installed Samba 2.2.8 with the intention of using it as a file share for
> an NT Domain.
> I am also interested in using extended ACLs, so I recompiled the
> kernel (2.4.20) with the acl patch and I added to my system the acl, attr,
> e2fsprogs and fileutils packages.
Did you mount the file system with acl support?
- John T.
>
> After all that, I joined the Samba server to the NT domain:
>
> smbpasswd -j SAMBATEST -r SAMBA-SRV -U Administrator
>
> where SAMBATEST is the NT domain and SAMBA-SRV is the PDC .
>
> Then I configured winbind and pam to permit the use of domain users on the
> file sharing system.
>
> So, if I log on to an NT4 workstation with the domain user Mauro, who
> is not an administrator, and I create a file named pippo.txt on the shared
> partition, I observe that its permissions on the NT system are:
> Everyone Special Access (RX)*
> LAB5/Administrators Special Access (All)*
> LAB5/Users Special Access (All)(All)
> while on SAMBA-SRV if I run the command "ls -la" I observe that the
> permissions are correct:
> -rwxr--r-- 1 SAMBATEST+Mauro SAMBATEST+Domain Users 0 03-21 17:52 pippo.txt
>
> Why is the domain user not mapped correctly on both systems?
>
> Below I add my configurations:
>
> 1) smb.conf
>
> [global]
> workgroup = SAMBATEST
> netbios name = LAB5
> server string = Samba Server
> security = DOMAIN
> encrypt passwords = Yes
> hosts equiv = SAMBA-SRV
> log file = /var/log/samba/log.%m
> max log size = 50
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> domain admin group = root @sys
> domain guest group = nobody @gust
> add user script = /usr/local/samba/bin/adduser -d /dev/null -s /bin/false -M %u
> delete user script = /usr/local/samba/bin/yserdel %u
> winbind uid = 10000-20000
> winbind gid = 10000-20000
> template shell = /bin/bash
> .
> .
> .
>
> [SHARE1]
> comment = Risorsa Share
> path = /opt/share1
> admin users = root
> read only = No
> profile acls = Yes
>
>
> 2) /etc/pam.d/samba
> auth sufficient /lib/security/pam_winbind.so
> auth sufficient /lib/security/pam_pwdb.so use_first_pass shadow nullok
> account required /lib/security/pam_winbind.so
>
>
> 3) /etc/nsswitch.conf
>
> passwd: files winbind
> shadow: files winbind
> group: files winbind
>
> hosts: files nisplus dns wins
>
>
>
> That's all.
>
> Have you got any suggestions on what could be the problem?
>
> Thanks in advance for any help.
>
> Mauro.
>
>
>
--
John H Terpstra
Email: jht at samba.org
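
The mount question asked in the reply can be checked on the server itself. The shell sketch below is an added example, not part of the original thread: it finds the mount entry covering a path (longest matching mount point) and reports whether `acl` is among its options. The function names and the sample mount table are constructed for illustration, and it assumes ACL support appears as an explicit `acl` option in a /proc/mounts-style table and that the path is absolute and normalized.

```shell
#!/bin/sh
# Added example: does the file system holding a path carry the "acl" option?
# Table format (as /proc/mounts): device mountpoint fstype options dump pass

# Print the options field of the mount that covers $1.
# $2 is the mount table to read (defaults to /proc/mounts).
mount_opts_for() {
    awk -v p="$1" '
        {
            mp = $2
            # A mount point covers p when it is "/", equals p, or is a
            # directory prefix of p ("/opt" must not match "/optional").
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # Longest mount point wins; on a tie the later entry wins.
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }
    ' "${2:-/proc/mounts}"
}

# Return 0 when "acl" is present as a whole option; "noacl" does not count.
has_acl_option() {
    opts=$(mount_opts_for "$1" "${2:-}")
    case ",$opts," in
        *,acl,*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Constructed sample table (not taken from the post): the root file system
# has acl, but the volume that actually holds the share does not.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
/dev/hda1 / ext3 rw,acl 0 0
/dev/hda3 /opt ext3 rw 0 0
/dev/hdb1 /opt/share1 ext3 rw,noacl,user_xattr 0 0
EOF

for p in /etc /opt/share1; do
    if has_acl_option "$p" "$SAMPLE"; then
        echo "$p: acl mount option set"
    else
        echo "$p: acl mount option NOT set"
    fi
done
rm -f "$SAMPLE"
```

Called with only a path, `has_acl_option /opt/share1` reads the live `/proc/mounts`.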