[Samba] Problems mapping winbind/kerberos usernames and groups to
Linux user and groups.
dbroer at matrics.com
Wed Jan 28 22:26:54 GMT 2004
Samba 3.0.1 on Mandrake 9.1ish Kerberos version seems to match latest
stable MIT build.
I can log in via Kerberos authentication and/or winbind. A couple of
1) telnet with the domain username and password and the telnet session
doesnt reader /etc/bashrc. Telnet with local username and it does. bash
is the shell for both accounts.
2) The group account is Domain User with a guid of 10000. That
matches the winbind settings but I would like to have a group that both
local and domain users can belong to. So I dont have to open all shared
directories with chmod 777.
I have tried setting up a username map, but the moment I either map a domain
name to a unix name _or_ have a unix username that is the same as a domain
name, that user can no longer access the server.
template primary group = users. This seems to have no affect.
I have a CVS directory that for an internal project that I want to protect
and I dont want to set permissions to 777. I would also have to set the
default directory permissions for all the CVS users to 777 as well or they
will add directories that only same group members can access.
Should I just change the guid map to point everyone to 100? (guid users=100)
Samba was configured with the following options:
PAM wasnt compiled in.
# Samba config file created using SWAT
# from 192.168.0.85 (192.168.0.85)
# Date: 2004/01/28 17:07:49
# Global parameters
workgroup = MYWORKGROUP
realm = MYWORKGROUP.COM
security = DOMAIN
obey pam restrictions = Yes
log level = 2
add user script = /usr/sbin/useradd -s /bin/bash -g 100 %u
delete user script = /usr/sbin/userdel %u
preferred master = No
local master = No
domain master = No
dns proxy = No
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template primary group = users
template shell = /bin/bash
use sendfile = Yes
case sensitive = Yes
hide dot files = No
comment = Home directory
read only = No
browseable = No
path = /home/dirk
valid users = dirk
read only = No
guest ok = Yes
More information about the samba