[Samba] Having it both ways with winbind

Braden Bill Bill.Braden at thomson.net
Fri May 20 16:03:09 GMT 2005

I appreciate the feedback so far from Michael and Basil.

Michael,Thanks for the nsswitch.conf suggestion but I already have 
"files nis winbind"  in nsswitch.conf and my pam.conf has

login   auth requisite          pam_authtok_get.so.1
login   auth sufficient         pam_dhkeys.so.1
login   auth sufficient         pam_unix_auth.so.1
login   auth sufficient         pam_dial_auth.so.1
login   auth sufficient         /usr/lib/security/pam_winbind.so.1
rlogin  auth sufficient         pam_rhosts_auth.so.1
rlogin  auth requisite          pam_authtok_get.so.1
rlogin  auth sufficient         pam_dhkeys.so.1
rlogin  auth sufficient         pam_unix_auth.so.1
rlogin  auth sufficient         /usr/lib/security/pam_winbind.so.1
other   auth requisite          pam_authtok_get.so.1
other   auth sufficient         pam_dhkeys.so.1
other   auth sufficient         pam_unix_auth.so.1
other   auth sufficient         /usr/lib/security/pam_winbind.so.1

Basil, what I mean is that I have all my unix users in NIS (should have
mentioned that to start).  Those people are fine when they actually log
into any Unix box but if they connect to the samba shares, from windows
like run -> \\sambashares,  Winbind gets in the way and assigns them a
new UID, GID and home directory based on these settings 

        winbind uid = 37000-39999
        winbind gid = 37000-39999
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /tmp/winbind/%D/%U

instead of using the information out of NIS.  

What I want is for the users that have a valid entry in NIS to connect
to the shares with that UID, GID and home directory.  If they connect to
the shares as a valid ADS user but there is no matching username in NIS
then winbind should kick in and auto generate the UID, GID and home

-- Bill 

More information about the samba mailing list