[Samba] W2K Domain Users in Samba

Sean P. Elble elbles at sessys.com
Wed Apr 19 16:42:09 GMT 2006


My comments are within your original post to the mailing list.

|  Sean Elble                                     |
|  Virginia Tech                                  |
|  Computer Engineering, Class of 2008            |
|  Vice President, VTLUUG                         |
|  E-Mail:   elbles at sessys.com                    |

On Wed, 19 Apr 2006, jim_mosbey at dps.state.ny.us wrote:

> Looking for a poniter in the right direction
> My current configuration is
> NT4 PDC (Solaris PCnetlink)
> Samba Member server (Solaris 9 Samba ver 3.0.20b)for file and print
> sharing
> WinXp Pro Clients SP2
> My problem is with the Domain Users. I am able to share out file systems
> to the XP clients from my Samba server OK. I am also able to modify the
> permissions for the files in the share in Solaris using the chmod, chgrp
> and chown. This seems to work OK. When I am on the WinXp client and I look
> at the security permissions tab on the folder properties that I own, I
> cannot see the NT4 Domain Users, all I see are the \\localmachine\user
> when what I want is the  \\domain\user. When I try to add a domain user in
> the secrutiy properties page I see the domain and the list of users but
> when I select a user or group and select add it does not add it to the
> folder properties. I am new to Samba -- am I missing some simple
> configuration parameter or is this how it is suppose to work.

My first question to you is how have you setup the users on this Solaris 
file server? For file sharing to work properly,I'd imagine you either are 
running Winbind for the user database on the server, OR you are using 
username mapping, with local users on the file server as well. If you are 
not, well, that is your problem right there. Samba needs to know which 
UNIX user owns the files, and has the various permissions: Knowing which 
user in the Windows domain would not do Samba any good, as it doesn't 
maintain a permissions database for files separate of the UNIX file 
permissions scheme (someone please correct me if I am wrong here).

This is quite unlike Sun's PC Netlink, which, IIRC, is a product developed 
under a source code license from Microsoft, allowing for full Windows NT 
4.0 PDC functionality from a Solaris server (versions were produced for 
other versions of UNIX as well). However, it maintains its own database 
for file permissions, and it does not require local UNIX users for every 
Windows user in the domain.

As such, my recommendation would be to run Winbind on the file server, 
which will allow you to authenticate local UNIX users via the PC Netlink 
PDC, and allow you to do file permissions and other such things on the 
UNIX level quite easily. I cannot say for sure that this is where your 
problem lies, but I'd put some money on it (if I were not a poor college 
student, that is :-)).

> alb-smb(test)# ./testparm /etc/samba/smb.conf
> Load smb config files from /etc/samba/smb.conf
> Processing section "[printers]"
> Processing section "[R]"
> Processing section "[logs]"
> Loaded services file OK.
> Press enter to see a dump of your service definitions
> [global]
>        workgroup = TESTDOM
>        server string = %h - Samba Server %v
>        security = DOMAIN
>        password server = test-net
>        log level = 4
>        log file = /var/log/samba/log.%m
>        max log size = 50
>        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>        printcap name = /etc/printcap
>        dns proxy = No
>        wins server =
> [printers]
>        comment = All Printers
>        path = /var/spool/samba
>        printable = Yes
>        browseable = No
> [R]
>        comment = R Drive
>        path = /share/R
>        public = yes
>        writable = yes
>        create mask = 0755
>        guest ok = Yes
>        nt acl support = true
> [logs]
>        comment = Testing logs
>        path = /share/logs
>        public = yes
>        writable = yes
>        create mask = 0755
>        guest ok = Yes
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list