[Samba] Winbindd Question

Marc Muehlfeld Marc.Muehlfeld at medizinische-genetik.de
Sun Nov 12 19:00:41 GMT 2006


I have two Domains (DOM1 and DOM2). Each trust each other. Now I
configured winbind on PDC1 with the following settings:

        winbind separator = +
        idmap backend = ldap:ldap://
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /home/%U
        template shell = /bin/bash

On PDC1 i can see the users of DOM2 now:

# wbinfo -u

Nsswitch is configured to use winbind too.

I put DOM2+user2 in a global group (mygroup) on DOM1:

# id DOM2+user2
uid=10000(DOM2+user2) gid=10006(DOM2+domain users) 1031(mygroup)

I put a file on a share of PDC1 that is readable for mygroup:

# ls -la /share/test.txt
-rw-r-----  1 root mygroup 8 Sep 11 00:16 /share/test.txt

And here`s my problem:

When I do "su - DOM2+user2" on PDC1 I can read the content of this file
(because of being a member of the group that has read rights on the file).
But when I access the file from a machine out of DOM2, I get a permission
denied error message.

I allready found a older message from Gerald Carter where he said that
winbindd on a PDC only alloocates Unix ids for users and groups from
trusted domains. Not its own domain.

What other way do I have to make files accessable on a share for both
domain users? Or does winbind allready can handle this and I have done
something wrong in my coniguration.

Best regards

Marc Muehlfeld
Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
Lochhamer Str. 29 - D-82152 Martinsried
Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-78

More information about the samba mailing list