[Samba] Permission Problem --Windows or UNIX?
stephen at totalflood.com
Wed Aug 23 14:32:49 GMT 2006
Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Stephen Carville wrote:
>>I am using Samba 3.0.20a with winbindd on FC3 and all
>>the shares except one are working. I keep getting a
>>permison denied error for non-local users in certain
>>And I have mapping between Windows and UNIX groups (list trimmed):
>># net groupmap list
>>Guests (S-1-5-32-546) -> nobody
>>Domain Guests (S-1-5-21-2679732778-2536521927-3344223750-1199) -> nobody
>>Server role: ROLE_DOMAIN_MEMBER
>>Press enter to see a dump of your service definitions
>> unix charset = LOCALE
>> workgroup = TOTALFLOOD
>> netbios name = FILE-CABINET
>> server string = Main File Server
>> security = DOMAIN
>> wins server = 192.168.124.10
>> idmap uid = 10000-100000000
>> idmap gid = 10000-100000000
> Why are you using 'net groupmap' and winbindd ?
As far as I could tell from the documentation on samba.org, that is the
corect way to use both local and windows accounts. Give ownership of
the directories to local accounts and groups. Use net groupmap to map
the Windows groups name to UNIX groupnames. Winbind provides the glue
to hold it together.
Home directories are owned by the UNIX account if it's local and by the
Win account as mapped by winbindd(?) otherwise
This seems to works for all but this one share.
> In any case, I think we have the 'valid users' and
> tokens stuff straightened out for systems with an smbpasswd
> file. I'll be posting a patch shortly to being 3.0.23b
> up to what is proposed to be the 3.0.23c code tree.
> You might want to look at that.
I don't use smbpasswd. I have an smbusers file that maps local account
to the equivalent Win account. For example my UNIX username is
"stephen" but my Win name is "scarville" so I have the entry:
stephen = TOTALFLOOD\scarville
I have similar entries for each local accounts that will also use the
samba services. Based on RT'ing the FM this looked like the right
thing to do.
If I'm doing it wrong, then I'll happily switch to doing it right if
someone can point me in that direction.
> cheers, jerry
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.4 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> -----END PGP SIGNATURE-----
Stephen Carville <stephen at totalflood.com>
Unix and Network Admin
6033 W. Century Blvd
Los Angeles, CA 90045
More information about the samba