[Samba] Winbind: User can read a file on server but not on a share

Felipe Augusto van de Wiel felipe at paranacidade.org.br
Wed Sep 13 13:30:51 GMT 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/11/2006 08:24 PM, Marc Mühlfeld escreveu:
> Hello,
> 
> I have two Domains (DOM1 and DOM2). Each trust each other. Now I 
> configured winbind on PDC1 with the following settings:

	Are you sure about the trust part? Can you send the
steps you made to establish the inter domain trust relationship?


>         winbind separator = +
>         idmap backend = ldap:ldap://192.168.1.4
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         winbind enum users = yes
>         winbind enum groups = yes
>         template homedir = /home/%U
>         template shell = /bin/bash
> 
> 
> On PDC1 i can see the users of DOM2 now:
> 
> # wbinfo -u
> DOM2+user2
> .....
> 
> 
> Nsswitch is configured to use winbind too.
> 
> 
> I put DOM2+user2 in a global group (mygroup) on DOM1:
> 
> # id DOM2+user2
> uid=10000(DOM2+user2) gid=10006(DOM2+domain users) groups=10006(DOM2+domain users),1031(mygroup)

	Hmmm, why mygroup is not in the form "DOM1+mygroup"?

	

> I put a file on a share of PDC1 that is readable for mygroup:
> 
> # ls -la /share/test.txt
> -rw-r-----  1 root mygroup 8 Sep 11 00:16 /share/test.txt
> 
> 
> And here`s my problem:
> 
> When I do "su - DOM2+user2" on PDC1 I can read the content of 
> this file (because of being a member of the group that has
> read rights on the file). But when I access the file from a
> machine out of DOM2, I get a permission denied error message.

[...]

> Maybe anybody can tell me what I did wrong.
> 
> Best regards
> Marc

	Can you send the smb.conf from both servers?

	Kind regards,

- --
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFFCAgLCj65ZxU4gPQRApSVAJ0ZyDIuTbTg0pL9jzynpS1Ngl5mzgCgqO+K
In8bK+leooy52YE1/HiPHNs=
=w8+b
-----END PGP SIGNATURE-----

More information about the samba mailing list