[Samba] Changed UIDs from winbind after server reboot!

angela.gavazzi at goetheanum.ch angela.gavazzi at goetheanum.ch
Mon May 3 09:47:52 GMT 2004


I set up a samba 3.0.2 server as member server in a NT4 Domain.
Winbind works great and I can "use" the NT Domain users for all I need.
At the moment I'm testing different shares with their permissions.
The Samba server will also be our print server, so I also set up cups and added
the printers to samba with cupsaddsmb - great tool! Users could
connect and all worked fine.

After a reboot, which I had to do after adding a kernel option (RTC),
the test users suddenly told me that they could
no longer connect to the shares and the printers.
When I looked, I found that all permissions were changed.
The first time I thought I had made a big mistake because of
working too long into the night. :-)
2 days later I rebooted the server again - and had the same thing.
All permissions were changed.

I tested stopping samba and winbind - nothing strange happened.
Then I rebooted the server again - and a lot of UIDs changed again.

Did I completely misunderstand the function of winbind, or is
there something wrong here?


Here is a little more info on the system.

Let me know if other info is needed.

Tia Angela

woody 3 with current sec. patches
samba 3.0.2 from backports
here's the smb.conf

# Global settings for a Samba domain member server that resolves domain
# users and groups through winbind.
[global]

workgroup = AAG
netbios name = S10amba
# Domain-member mode: logons are checked against the server named in
# 'password server'.
security = domain
encrypt passwords = yes
password server = 192.168.100.31
wins server = 192.168.100.30
host msdfs = yes
#################################

#template shell = /bin/false
#template homedir = /work/home/%u    
max mux = 200
max open files = 8000

###############################################################
# Data handling
###############################################################
display charset = ISO8859-1
unix charset = ISO8859-1
dos charset = CP850

#username level = 5
case sensitive = no
Preserve case = yes

# One log file per client; %m expands to the client machine name.
log file = /var/log/samba/log.smbd.%m
log level = 1

follow symlinks = yes
################################################################
# Miscellaneous settings for DOS and Windows
###############################################################
map archive = yes
map system = no
map hidden = no

###############################################################
# Global printing settings
###############################################################

load printers = yes
printing = cups
printcap name = cups


# Read-only files may be deleted
delete readonly = yes

# Samba as time server; the main thing is that all clocks agree....
time server = yes
dos filetimes = yes
fake directory create times = yes
dos filetime resolution = yes

# Protects file integrity at the cost of performance.
# Database files are the most delicate, so only these go without oplocks,
# and that applies to all directories.
veto oplock files = /*.mdb/*.dbf/

deadtime = 5

# The following settings must be set to yes if Samba is to act as a PDC.
# They stay at "no" here, which matches the domain-member role set by
# 'security = domain' above.

os level = 20

local master = yes
preferred master = no
domain master = no
wins support = no
domain logons = no
# Domain accounts are written DOMAIN+name (for example AAG+Administrator
# in the share sections of this file).
winbind separator = +

# Use UIDs 10000-20000 for domain users.
# NOTE(review): winbind hands out IDs from this range as it first meets each
# domain account and records the SID-to-ID mapping in its idmap database
# (winbindd_idmap.tdb). The range by itself does not make the numbers stable:
# if that database does not survive a reboot, accounts are numbered again and
# existing file ownership and ACL entries then point at different users.
# Check where the file is stored and that the directory is not cleaned at
# boot -- TODO confirm for this installation.
winbind uid = 10000-20000

# Use GIDs 10000-20000 for domain groups (same persistence caveat as for
# the UID range).
winbind gid = 10000-20000

# Allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes

name resolve order = wins hosts lmhosts bcast

############################################################
# Security settings
############################################################

# Only loopback and 192.168.100.0/24 may connect; every other address is
# denied.
hosts allow = 127.0.0.1 192.168.100.0/24
hosts deny = 0.0.0.0/0

# Explicit IPC$ definition that repeats the [global] host lists, so that
# only loopback and 192.168.100.0/24 may reach the IPC service.
[IPC$]
path = /tmp
hosts allow = 127.0.0.1 192.168.100.0/24
hosts deny = 0.0.0.0/0
#############################################################
# Printers
#############################################################

# Printer-driver download share; read-only except for the accounts in
# 'write list'.
[print$]
comment = Download Drucker Treiber
path = /work/printerdrivers
browseable = yes
# NOTE(review): 'public' is a synonym for 'guest ok', so the next two lines
# set the same option to opposite values. The later line ('public = yes') is
# expected to win, which would allow guest access to this share -- confirm
# the effective value with testparm and keep only one of the two lines.
guest ok = no
public = yes
read only = yes
# NOTE(review): Domänen-Admins looks like a group name; [AV] writes the same
# name with a leading '@'. Without a group prefix the entry may be matched as
# a user name only -- verify against this Samba version.
write list = AAG+Domänen-Admins, root, AAG+Administrator

# Printer queues ([global] sets 'load printers = yes' with CUPS); print jobs
# are spooled to 'path'.
[printers]
path = /var/spool/samba
browseable = yes
# NOTE(review): 'public' is a synonym for 'guest ok', so these two lines set
# the same option twice. Here 'guest ok = no' comes last and is expected to
# win (no guest printing) -- confirm with testparm and drop the other line.
public = yes
guest ok = no
writable = no
printable = yes
# NOTE(review): Domänen-Admins is written without the '@' group prefix that
# [AV] uses for the same name; verify that it is matched as a group.
printer admin = AAG+Domänen-Admins, root, AAG+Administrator
write list = AAG+Domänen-Admins, root, AAG+Administrator
# DFS root share; access is limited to members of the group
# AAG+Domänen-Benutzer ('@' marks a group entry).
[AAG-Daten]

        path = /work/dfs
        msdfs root = yes
        browseable = yes
        writeable = yes
        valid users =@AAG+Domänen-Benutzer

# Share restricted to the account AAG+HHA and the members of
# AAG+Domänen-Admins.
[AV]
        path=/work/aag/edv/AV
        Valid users = AAG+HHA @AAG+Domänen-Admins
        # NOTE(review): "AAG+ HHA" contains a space, so this list probably
        # holds the two entries "AAG+" and "HHA" instead of the account
        # AAG+HHA named in 'Valid users'; that account would then get no
        # write access through this list. Presumably a typo -- confirm.
        write list = AAG+ HHA @AAG+Domänen-Admins

# Share for the IT directory, intended for AAG+Domänen-Admins only.
[EDV] 
        path = /work/aag/edv
        browseable = yes
        # NOTE(review): Domänen-Admins is written here without the '@' group
        # prefix that [AV] uses; verify that these entries match the group
        # and not only a user of that name.
        valid users = AAG+Domänen-Admins
        write list = AAG+Domänen-Admins
        # NOTE(review): accounts matched by 'admin users' perform all file
        # operations on this share as root, so Unix permissions and the masks
        # below do not restrict them. Confirm that this is intended; 'valid
        # users' and 'write list' already grant access.
        admin users = AAG+Domänen-Admins

        # ACL settings
        nt acl support = yes
        # NOTE(review): the documented parameter name is 'inherit acls';
        # check with testparm that this spelling is accepted.
        inherit acl = yes
        create mask = 770
        directory mask = 770
        Security mask = 770
        directory security mask  = 0777

        # NOTE(review): 'force security mode' and 'force directory security
        # mode' are each set twice in this section (0000 here, 0440 further
        # down). The later value is expected to win -- keep one line per
        # option so the effective setting is obvious.
        force security mode = 0000
        force directory security mode = 0000
        # New files and directories are assigned to this group.
        force group = AAG+Domänen-Admins
        force create mode = 0770
        force directory mode = 770
        force security mode = 0440
        force directory security mode = 0440
# Share for the "Wochenschrift" directory, intended for AAG+Domänen-Admins
# and AAG+AdminWochensch.
[Wochenschrift]
        path = /work/aag/wosch
        browseable = yes
        # NOTE(review): Domänen-Admins is written without the '@' group
        # prefix that [AV] uses; verify that it is matched as a group.
        valid users = AAG+Domänen-Admins AAG+AdminWochensch
        write list = AAG+Domänen-Admins AAG+AdminWochensch
        # NOTE(review): accounts matched by 'admin users' perform all file
        # operations on this share as root, so Unix permissions and the masks
        # below do not restrict them. Confirm that this is intended.
        admin users = AAG+Domänen-Admins AAG+AdminWochensch

        # ACL settings
        nt acl support = yes
        # NOTE(review): the documented parameter name is 'inherit acls';
        # check with testparm that this spelling is accepted.
        inherit acl = yes
        create mask = 770
        directory mask = 770
        Security mask = 770
        directory security mask  = 0777

        # NOTE(review): 'force security mode' and 'force directory security
        # mode' are each set twice in this section (0000 here, 0440 further
        # down). The later value is expected to win -- keep one line per
        # option so the effective setting is obvious.
        force security mode = 0000
        force directory security mode = 0000
        # New files and directories are assigned to this group.
        force group = AAG+AdminWochensch
        force create mode = 0770
        force directory mode = 770
        force security mode = 0440
        force directory security mode = 0440

# Per-user home shares; the directory is built from the user name (%u).
[homes]
        comment=Persönliches Verzeichenis von %S
        path=/work/aag/users/%u
        # NOTE(review): with 'valid users' commented out, who may open a given
        # home directory is decided by the ownership and permissions on
        # /work/aag/users/<name> alone. Those depend on the winbind-assigned
        # UIDs staying the same, so a changed UID can lock the owner out or
        # hand the directory to another account -- consider restricting the
        # share to its owner once the ID mapping is stable.
        #valid users = %u AAG+Administrator 
        #force user=%u 
        writeable = yes
        browseable = no



