[Samba] Samba or NFS for a new domain member server

Samba Administrator samba at preventionpartners.com
Tue May 9 14:17:21 GMT 2006

Please forgive me if this post appears multiple times.  I have had trouble posting and I cannot be sure if any of my other posts have made it to the list.

I have 10 XP clients authenticating against a Samba PDC, using passwd as the passdb backend. The Samba PDC provides several shares to the XP clients.

Privileges on the Samba PDC are controlled by *nix user and group permissions.

I do not have any Windows servers on my network, so we do not use any of the Windows group capabilities beyond the default groups.

My Samba PDC is running out of room, so I want to move the shares to a new server with more storage, but I want the Samba PDC to continue to authenticate my XP clients.

Should I maintain the definition of the shares on the Samba PDC, but actually store the data on the new server and make it available to the PDC via NFS? In other words, do not use Samba on the new server, but use NFS instead?


Should I use Samba and winbind on the new server to provide access to the shares and control permissions?

Any thoughts or experiences are appreciated.
Scott Rosa
Debian-sarge, Samba 3.0.14

Note: I know that the simple solution would have been to make the new box the PDC, which I may still do. However, I may be adding a second member server soon, so I needed to figure out how to integrate the member server into my network anyway.

I have been able to get samba on the new server to use the old PDC to authenticate the users. And, I have been able to verify with wbinfo -u. However, I run into a problem with group permissions.

When I do a wbinfo -r <username> on the member server, I get a list of numeric group ids for the user. The count matches the number of groups that the user belongs to on the PDC. Having virtually no experience with samba, I thought that might not be a big deal, especially since I could determine the group name by using the following commands:

wbinfo -G <group-id>
wbinfo -s <SID from the command above>

For example:
wbinfo -G 10012 returns S-1-5-21-...-3003
S-1-5-21-...-3003 returns PP+fl_staff 2

However, when I tried to set up one of the directories that I want to move from the existing PDC to the member server, I could not assign the appropriate group to the directory.

For example, on the member server:

chgrp PP+fl_staff pub
chgrp "PP+fl_staff" pub
chgrp "PP+fl_staff 2" pub

all return an error:

chgrp: invalid group name `PP+fl_staff'

Now, if I change the group ownership to the appropriate GID (in this case, 10012), the chgrp command works and my XP clients can access the directory with the appropriate permissions, which I guess I can do. But, if something happens to winbind idmap tables and things get renumbered for some reason, I don't want to have to face the task of fixing the GIDs across some files and directories. 
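
One way to guard against the idmap renumbering concern raised in the post, as an added example that is not part of the original message: record the SID behind every winbind GID that owns files in a tree, then compare that record with the current mapping later. The function names and the groups.map file name are hypothetical, and the script assumes wbinfo supports -Y (SID to gid) alongside the -G option used above.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes winbind is running and
# that wbinfo supports -G (gid to SID, as used above) and -Y (SID to gid).

# Print every distinct numeric GID that owns something under directory $1.
owning_gids() {
    find "$1" -exec ls -dn {} + | awk '{print $4}' | sort -un
}

# Print "gid sid" for each owning GID that winbind maps to a SID.
# GIDs for which wbinfo returns no SID are skipped.
snapshot_groups() {
    owning_gids "$1" | while read -r gid; do
        sid=$(wbinfo -G "$gid" 2>/dev/null) || sid=
        if [ -n "$sid" ]; then printf '%s %s\n' "$gid" "$sid"; fi
    done
}

# Read snapshot file $1 and compare it with winbind's current mapping.
# Prints "old_gid new_gid sid" when a SID now maps to a different GID,
# and "old_gid - sid" when the SID no longer maps to any GID.
remap_plan() {
    while read -r old sid; do
        new=$(wbinfo -Y "$sid" 2>/dev/null) || new=
        if [ -z "$new" ]; then
            printf '%s - %s\n' "$old" "$sid"
        elif [ "$new" != "$old" ]; then
            printf '%s %s %s\n' "$old" "$new" "$sid"
        fi
    done < "$1"
}

# Usage: script snapshot DIR > groups.map   (while the mapping is good)
#        script plan groups.map             (after a suspected renumbering)
case "${1:-}" in
    snapshot) snapshot_groups "$2" ;;
    plan)     remap_plan "$2" ;;
esac
```

The plan is only printed, not applied: if one group's new GID equals another group's old GID, the chgrp runs have to be ordered so that already-fixed files are not changed a second time.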

