[Samba] Winbindd Question
Marc.Muehlfeld at medizinische-genetik.de
Sun Nov 12 19:00:41 GMT 2006
I have two Domains (DOM1 and DOM2). Each trust each other. Now I
configured winbind on PDC1 with the following settings:
winbind separator = +
idmap backend = ldap:ldap://192.168.1.4
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
template shell = /bin/bash
On PDC1 i can see the users of DOM2 now:
# wbinfo -u
Nsswitch is configured to use winbind too.
I put DOM2+user2 in a global group (mygroup) on DOM1:
# id DOM2+user2
uid=10000(DOM2+user2) gid=10006(DOM2+domain users) 1031(mygroup)
I put a file on a share of PDC1 that is readable for mygroup:
# ls -la /share/test.txt
-rw-r----- 1 root mygroup 8 Sep 11 00:16 /share/test.txt
And here`s my problem:
When I do "su - DOM2+user2" on PDC1 I can read the content of this file
(because of being a member of the group that has read rights on the file).
But when I access the file from a machine out of DOM2, I get a permission
denied error message.
I allready found a older message from Gerald Carter where he said that
winbindd on a PDC only alloocates Unix ids for users and groups from
trusted domains. Not its own domain.
What other way do I have to make files accessable on a share for both
domain users? Or does winbind allready can handle this and I have done
something wrong in my coniguration.
Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
Lochhamer Str. 29 - D-82152 Martinsried
Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-78
More information about the samba