[Samba] Changed UIDs from winbind after server reboot!
angela.gavazzi at goetheanum.ch
angela.gavazzi at goetheanum.ch
Mon May 3 09:47:52 GMT 2004
I set up a samba 3.0.2 server as member server in a NT4 Domain.
Winbind works great and I can "use" the NT Domain users for all I need.
At the moment I'm testing different shares with their permissions.
The Samba will also be our printserver, so I set up also cups and added
the printers to samba with cupsaddsmb - Great tool! . Users could
connect and all worked fine.
After a reboot I had to do after adding a kernel option (RTC),
suddenly the test user told me that they could
no longer connect to the shares and the printers.
When I looked, I found that all permissions were changed.
The first time I thought I did a big mistake because
working too long in the night. :-)
2 Days later I rebooted the server again - and had the same thing.
All permissions were changed.
I tested stopping samba and winbind - nothing strange happened.
Then I rebooted the server again - and a lot of UID changed again.
Did I completely misunderstand the function of winbind, or is
there something wrong here?
Here a little more infos to the system
Let me know if other infos are needed.
Tia Angela
woody 3 with actual sec. patches
samba 3.0.2 from backports
here's the smb.conf
# Global settings for a Samba server that is a member of the NT4 domain AAG.
[global]
workgroup = AAG
netbios name = S10amba
# Domain-member mode: logons are checked against the server named in
# "password server" below.
security = domain
encrypt passwords = yes
password server = 192.168.100.31
wins server = 192.168.100.30
host msdfs = yes
#################################
#template shell = /bin/false
#template homedir = /work/home/%u
max mux = 200
max open files = 8000
###############################################################
# Data handling
###############################################################
display charset = ISO8859-1
unix charset = ISO8859-1
dos charset = CP850
#username level = 5
case sensitive = no
Preserve case = yes
# One log file per client machine name (%m).
log file = /var/log/samba/log.smbd.%m
log level = 1
# NOTE(review): symlinks inside a share are followed. Whether a link may lead
# outside the share tree is governed by "wide links", which is not set in this
# file - confirm its effective value for this Samba version.
follow symlinks = yes
################################################################
# Miscellaneous settings for DOS and Windows
###############################################################
map archive = yes
map system = no
map hidden = no
###############################################################
# Global print settings
###############################################################
load printers = yes
printing = cups
printcap name = cups
# Read-only files may be deleted
delete readonly = yes
# Samba as time server; the main thing is that all clocks agree
time server = yes
dos filetimes = yes
fake directory create times = yes
dos filetime resolution = yes
# Protects file integrity at the cost of performance
; Database files are the most sensitive, so only these are served without oplocks,
; and this applies to all directories
veto oplock files = /*.mdb/*.dbf/
deadtime = 5
# The following items must be set to yes if Samba
; is to act as a PDC. (They are "no" here: this host is a domain member.)
os level = 20
local master = yes
preferred master = no
domain master = no
wins support = no
domain logons = no
# Domain and account name are joined with "+", e.g. AAG+Administrator.
winbind separator = +
# Use uids from 10000-20000 for domain users
# NOTE(review): winbind hands out numbers from this range on demand and keeps
# the SID-to-uid/gid assignments in its local idmap database
# (winbindd_idmap.tdb). If that database is lost or recreated, the same domain
# accounts receive different numbers, and existing Unix ownership and ACLs then
# refer to other accounts. Confirm where this build stores the file, that it
# survives a reboot, and that it is backed up.
winbind uid = 10000-20000
# Use gids from 10000-20000 for domain groups
winbind gid = 10000-20000
# Allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
name resolve order = wins hosts lmhosts bcast
############################################################
# Security settings
############################################################
# Only loopback and 192.168.100.0/24 may connect; everything else is denied.
# Per smb.conf(5), the allow list takes precedence where the two lists overlap.
hosts allow = 127.0.0.1 192.168.100.0/24
hosts deny = 0.0.0.0/0
# Explicit IPC$ definition that repeats the [global] host restriction, so
# connections to IPC$ are limited to loopback and 192.168.100.0/24.
[IPC$]
path = /tmp
hosts allow = 127.0.0.1 192.168.100.0/24
hosts deny = 0.0.0.0/0
#############################################################
# Printers
#############################################################
# Driver download share used by Windows clients.
[print$]
comment = Download Drucker Treiber
path = /work/printerdrivers
browseable = yes
# NOTE(review): "public" is a synonym for "guest ok", so the next two lines set
# the same parameter to opposite values. Here "public = yes" comes last and
# presumably wins, which would permit guest access to the driver share.
# Keep only one of the two lines, with the value that is actually intended.
guest ok = no
public = yes
read only = yes
# Accounts allowed to write (upload drivers) although the share is read only.
write list = AAG+Domänen-Admins, root, AAG+Administrator
# Spool share for the printers loaded from CUPS.
[printers]
path = /var/spool/samba
browseable = yes
# NOTE(review): "public" and "guest ok" are synonyms. In this section
# "guest ok = no" comes last, the reverse of the order in [print$], so the two
# printer-related shares presumably end up with different guest settings.
# Keep one line per section and make the sections agree.
public = yes
guest ok = no
writable = no
printable = yes
printer admin = AAG+Domänen-Admins, root, AAG+Administrator
write list = AAG+Domänen-Admins, root, AAG+Administrator
# MS-DFS root share; access is limited to members of the domain users group
# (the "@" prefix marks the name as a group).
[AAG-Daten]
path = /work/dfs
msdfs root = yes
browseable = yes
writeable = yes
valid users =@AAG+Domänen-Benutzer
# Share for user AAG+HHA and the domain admins group.
[AV]
path=/work/aag/edv/AV
Valid users = AAG+HHA @AAG+Domänen-Admins
# NOTE(review): "AAG+ HHA" has a space that "Valid users" above does not, so
# this list presumably names "AAG+" and "HHA" as two separate entries and
# AAG+HHA would not get write access. Confirm and remove the space.
write list = AAG+ HHA @AAG+Domänen-Admins
# IT department share, intended for the domain admins.
[EDV]
path = /work/aag/edv
browseable = yes
# NOTE(review): the name is written without the "@" group prefix used in
# [AAG-Daten] and [AV]; confirm that it is resolved as the domain group and not
# looked up as a user name.
valid users = AAG+Domänen-Admins
write list = AAG+Domänen-Admins
# Per smb.conf(5), admin users perform all file operations on the share as
# root, so Unix permissions and ACLs do not constrain them. Keep this list as
# small as possible.
admin users = AAG+Domänen-Admins
# ACL settings
nt acl support = yes
inherit acl = yes
create mask = 770
directory mask = 770
Security mask = 770
directory security mask = 0777
# NOTE(review): "force security mode" and "force directory security mode" are
# each set twice in this section (0000 here, 0440 at the end). Presumably the
# later value applies; remove the pair that is not intended.
force security mode = 0000
force directory security mode = 0000
force group = AAG+Domänen-Admins
force create mode = 0770
force directory mode = 770
force security mode = 0440
force directory security mode = 0440
# Share for the domain admins and the AdminWochensch account/group.
[Wochenschrift]
path = /work/aag/wosch
browseable = yes
# NOTE(review): both names are written without the "@" group prefix; confirm
# they are resolved as intended (group vs. user).
valid users = AAG+Domänen-Admins AAG+AdminWochensch
write list = AAG+Domänen-Admins AAG+AdminWochensch
# Per smb.conf(5), admin users perform all file operations on the share as
# root, so Unix permissions and ACLs do not constrain them. Keep this list as
# small as possible.
admin users = AAG+Domänen-Admins AAG+AdminWochensch
# ACL settings
nt acl support = yes
inherit acl = yes
create mask = 770
directory mask = 770
Security mask = 770
directory security mask = 0777
# NOTE(review): "force security mode" and "force directory security mode" are
# each set twice in this section (0000 here, 0440 at the end). Presumably the
# later value applies; remove the pair that is not intended.
force security mode = 0000
force directory security mode = 0000
force group = AAG+AdminWochensch
force create mode = 0770
force directory mode = 770
force security mode = 0440
force directory security mode = 0440
# Per-user home directories under /work/aag/users; the section itself is
# hidden from browse lists.
[homes]
comment=Persönliches Verzeichenis von %S
path=/work/aag/users/%u
# NOTE(review): the "valid users" restriction below is commented out, so the
# share itself does not limit who may connect to a given home; access then
# rests on the Unix ownership of the directories, which in turn depends on
# stable winbind uid mappings. Confirm this is intended.
#valid users = %u AAG+Administrator
#force user=%u
writeable = yes
browseable = no