[Samba] Re: Re: accessing shares

Emmanuel Viennot emmanuel.viennot at liddell-prod.com
Thu Oct 23 08:39:52 GMT 2003 

I don't know  how samba deals with Active Directory. I only use Linux group
and user with samba. Maybe try "@root" for the write list.

Unix permissions do matter ! The samba permissions can only be more
restrictive than Unix permission. it is not possible to make a folder
writable by a group with Samba if this group doesn't have the Unix
perimission.

For authentication, check your smbpasswd file to verify that each user that
try to access a share as a valid samba account. You can add a samba account
using the command smbpasswd -a myuser. The log file you are looking at is
the good one. You might increase the debug level in your smb.conf.

On my network we have the same account on PCs than on the linux samba server
so we don't have that kind of problems.

Emmanuel Viennot
Directeur Technique
Liddell Production
39, rue du Fbg Poissonnière - 75009 Paris
Tel: 01 53 24 68 35 Fax: 01 53 24 66 25

"Tim Jordan, Network Services" <timothy_jordan at labor.state.ak.us> a écrit
dans le message de news:3F96BF28.4020305 at labor.state.ak.us...
> "Domain Admins" is a valid Active Directory group.  I have it
> groupmapped to:
>         Domain Admins (S-1-5-21-3417231078-1290269627-1885213793-2005)
> -> root
> "tim" is a member of the "root" group
>
> [LinuxSoftware]
>     comment = OpenSource
>     path = /mnt/windows/Software/
>     public = yes
>     writable = yes
>     printable = no
>     write list =@"Domain Admins"
> drwxr--r--   57  tim    root        32768 Oct  8 00:49 Software (Do the
> unix permissions matter or just what is in the smb.conf?)
>
> >For the other share is you account TIM or tim ? Unix is case sensitive as
> >far as i know.
> >
> TIM is my windows active directory account - tim is my local unix account.
> [TIM]
>         comment = Tim's Service
>         path = /home/tim/
>         writeable = TIM
>         read only = No
>
> Winbind should be handling all authentication from our M$ PDC.  I can
> log into my Samba box with a M$ domain account.  I just can't seem to
> get the share authentication working.  I'm not sure what logs to watch.
> I have been reviewing the smbd, nmbd, winbind, and the log that is
> corresponding to the workstation trying to connect to the Samba share.
>
> In the logs I noticed that winbind is trying to authenticate the
> microsoft workstation connecting to the Samba share.
>
> > [2003/10/21 10:58:05, 10] nsswitch/winbindd.c:process_request(305)
> >   process_request: request fn GETPWNAM
> > [2003/10/21 10:58:05, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(112)
> >   [22176]: getpwnam DOL-ANC-WTS2$
> > [2003/10/21 10:58:05, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(147)
> >   user 'DOL-ANC-WTS2$' does not exist
>
> Have I missed something in the HOW TO: ?  I don't recall having to
> create machine accounts on the Samba server.  I thought Samba is
> supposed to authenticate the user trying to access the share.  If that
> is true perhaps I have a pam config file wrong?  I don't know where to
> start looking at how the authentication is handled on the Samba share
> and more importantly what order of authentication is being done...how do
> I tweak that order to point authentication to my M$ PDC?  I did it for
> the pam.d/login config file.
>
> Perhaps I'm not even on the right track...
> Tim
>
>
> Emmanuel Viennot wrote:
>
> >May be you should check your write list parameter wich is @"Domain
Admins"
> >. Is  Domain Admins a valid group and is "tim" a member of this group ?
> >For the other share is you account TIM or tim ? Unix is case sensitive as
> >far as i know.
> >
> >Hope that help.
> >
> >
> >
> >
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list