[Samba] Problems mapping winbind/kerberos usernames and groups to Linux user and groups.

Dirk Broer dbroer at matrics.com
Wed Jan 28 22:26:54 GMT 2004

Samba 3.0.1 on Mandrake 9.1ish.  Kerberos version seems to match the latest
stable MIT build.

I can log in via Kerberos authentication and/or winbind.  A couple of
problems though.

1) Telnet with the domain username and password and the telnet session
doesn’t read /etc/bashrc.  Telnet with local username and it does.  bash
is the shell for both accounts.
2) The group account is ‘Domain User’ – with a guid of 10000.  That
matches the winbind settings but I would like to have a group that both
local and domain users can belong to, so I don’t have to open all shared
directories with chmod 777.

I have tried setting up a username map, but the moment I either map a domain
name to a unix name _or_ have a unix username that is the same as a domain
name, that user can no longer access the server.

template primary group = users.  This seems to have no effect.

I have a CVS directory for an internal project that I want to protect
and I don’t want to set permissions to 777.  I would also have to set the
default directory permissions for all the CVS users to 777 as well – or they
will add directories that only same group members can access.

Should I just change the guid map to point everyone to 100? (guid users=100)

Samba was configured with the following options:

PAM wasn’t compiled in.

# Samba config file created using SWAT
# from (
# Date: 2004/01/28 17:07:49

# Global parameters
               workgroup = MYWORKGROUP
               realm = MYWORKGROUP.COM
               security = DOMAIN
               obey pam restrictions = Yes
               log level = 2
               add user script = /usr/sbin/useradd -s /bin/bash -g 100 %u
               delete user script = /usr/sbin/userdel %u
               preferred master = No
               local master = No
               domain master = No
               dns proxy = No
               ldap ssl = no
               idmap uid = 10000-20000
               idmap gid = 10000-20000
               template primary group = users
               template shell = /bin/bash
               use sendfile = Yes
               case sensitive = Yes
               hide dot files = No

               comment = Home directory
               read only = No
               browseable = No

               path = /home/dirk
               valid users = dirk
               read only = No
               guest ok = Yes

Thank you,

#include <standard_disclaimer>
#include <funny_quote>

