[Samba] Samba Domain Member Server -- tdbsam/winbind/idmap_rid -- file ownership ?

Chris Hall chris.hall at halldom.com
Sat Feb 10 12:45:52 GMT 2007


Following myself up...

On Fri, 9 Feb 2007 Chris Hall <chris.hall at halldom.com> wrote
>
>I have just struggled to implement a Samba Domain Server, and have some 
>remaining issues.
>
>I have a Samba PDC using tdbsam, managing a domain called RHEA.
>
>I have (finally) configured a new Samba Domain Server (AUREUS) using 
>winbind and idmap_rid.
>
>When I am logged in to RHEA as user GMCH I can access a TMP share on 
>AUREUS (at last).
>
>Running 'getent passwd' I get (inter alia):
>
>  RHEA\gmch:*:12000:10513:....
>
>and 'getent group' gives:
>
>  RHEA\domain users:*:1053:RHEA\gmch:...
>
>When I create files on TMP I find that they are owned by 'root' and in 
>the group 'RHEA\domain users', eg:
>
>  -rwxr--r-- 1 root RHEA\domain users 8 Feb  8 20:29 Hello Samba
>
>The group is fine.
>
>QUESTION: why is the file owner not RHEA\gmch ?
>
>I note that 'RHEA\gmch' and 'RHEA\domain users' are apparently disabled 
>as far as getent can see -- so I suppose that's what winbindd is 
>telling it.  Is this the problem ?

I have told the pam set up to use winbindd.  No change.

I note that I can chown 'RHEA\gmch', but I cannot su 'RHEA\gmch' (su 
just quietly fails, and I stay as root).

If I put 'force user = RHEA\gmch' into a [TMP] share, the share becomes 
unusable !

What am I missing ??  Am I expecting too much ?  [Though given that I 
can chown to RHEA\gmch, I'd have thought that samba could ??]

Chris
-- 
Chris Hall



More information about the samba mailing list