[Samba] Group mapping, among other problems

Granzow, Matt (MED, Adecco) Mathew.Granzow at med.ge.com
Wed Oct 1 15:23:10 GMT 2003

Hopefully I can write this out so someone understands it.  

We are currently running a number of Solaris servers, to which windows
computers need to connect.  Currently they connect via NFS using
hummingbird's NFS client.  This requires them to have a separate unix
account along with their windows account.

Our idea is to implement samba 3.0.0 to eliminate that NFS client.  

My current problems are:

#1, when I mount my share (in either windows or unix using smbclient), I
am not getting the proper permissions.  We have a group (lets call it
happy) in both unix, and in our windows domain.  with winbind, the
domain\happy group obviously isn't getting the same GID as the unix
happy group.  the share we are working on is 0775, so I can't write to
it when I connect using my domain acct.  in net groupmap  a mapping for
the group domain\happy = happy, and in my username.map file, I have * =
domain\*.   What else do I need to setup to get this working?  using
getent group I only get one group in my domain, but when I run wbinfo -g
I get the full list.  getent passwd gets me all the users in the domain,
so I don't understand what is so broken about groups.  

#2, when I have something mounted, and I run smbstatus (or click status
from swat), it will just hang where it is finding who is connected.  

Here is a copy of my smb.conf file.  hopefully it will help someone
figure this out.  yes winbind is running, and it has a computer account
in the domain.  wbinfo works.  ntlm_auth works.  So I know I'm close,
but I just can't figure out this last part.  and yes, I do need that
many uid's if I have to use winbind enum users = yes

        workgroup = ourdomain
        netbios name = BOXEN
        server string = Samba %v on %L
        security = DOMAIN
        password server = pdc
        username map = /usr/local/samba/lib/username.map
        username level = 2
        log file = /var/log/samba/samba.%m
        max open files = 20000
        load printers = No
        preferred master = No
        local master = No
        domain master = No
        kernel oplocks = No
        ldap ssl = no
        idmap uid = 10000-45000
        idmap gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        create mask = 0775
        directory mask = 0775
        mangled names = No
        oplocks = No
        level2 oplocks = No

        comment = viewstorage
        path = /smbview
        read only = No
        writable = yes

/smbview is 0775 and so are all the files in it.  All i need to do is
get users that authenticate via samba to get the proper group assigned
when they connect.

Thanks for any help!
Mathew Granzow

More information about the samba mailing list