[Samba] Winbind: User can read a file on server but not on a share
Felipe Augusto van de Wiel
felipe at paranacidade.org.br
Wed Sep 13 13:30:51 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
On 09/11/2006 08:24 PM, Marc Mühlfeld escreveu:
> I have two Domains (DOM1 and DOM2). Each trust each other. Now I
> configured winbind on PDC1 with the following settings:
Are you sure about the trust part? Can you send the
steps you made to establish the inter domain trust relationship?
> winbind separator = +
> idmap backend = ldap:ldap://192.168.1.4
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind enum users = yes
> winbind enum groups = yes
> template homedir = /home/%U
> template shell = /bin/bash
> On PDC1 i can see the users of DOM2 now:
> # wbinfo -u
> Nsswitch is configured to use winbind too.
> I put DOM2+user2 in a global group (mygroup) on DOM1:
> # id DOM2+user2
> uid=10000(DOM2+user2) gid=10006(DOM2+domain users) groups=10006(DOM2+domain users),1031(mygroup)
Hmmm, why mygroup is not in the form "DOM1+mygroup"?
> I put a file on a share of PDC1 that is readable for mygroup:
> # ls -la /share/test.txt
> -rw-r----- 1 root mygroup 8 Sep 11 00:16 /share/test.txt
> And here`s my problem:
> When I do "su - DOM2+user2" on PDC1 I can read the content of
> this file (because of being a member of the group that has
> read rights on the file). But when I access the file from a
> machine out of DOM2, I get a permission denied error message.
> Maybe anybody can tell me what I did wrong.
> Best regards
Can you send the smb.conf from both servers?
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba