[Samba] winbind and remote users

Daniele Palumbo daniele at retaggio.net
Fri Jul 4 07:50:35 GMT 2008 

ciao.

i'm using samba 3.0.30 from gentoo (emerge).
[ebuild   R   ] net-fs/samba-3.0.30  USE="acl cups ipv6 pam python  
quotas readline winbind -ads -async -automount -caps -doc -examples - 
fam -ldap (-selinux) -swat -syslog" LINGUAS="-ja -pl" 20,030 kB

i didn't found many howto on this...
but i did red the howto 
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html

the network is connected via openvpn, with a "central" wins server and other 
pdc client of it.
i didn't set up an ldap because the user base is very small (2-4 per site).
i have set up the relationship between domains, and tested it with wbinfo.
also, getent passwd give me all the clients of all domains.

now, an user A from domain SANTARCANGELO have to login in a CENTROSTORICO 
domain member machine.

the user is correctly authenticated, but it does not load the home directory.
so i setted up:
---
template homedir = /home/winbind/%D/%U
template shell = /bin/false
---
so i have created directory SANTARCANGELO in /home/winbind/ of CENTROSTORICO 
and then i copied the whole profile inside SANTARCAGELO with rsync, and 
chowned it.
does not work.

so copied the home direcotry of user in /home of CENTROSTORICO.
does not work anyway.

now i have commented the two "template" lines cause seems that thay are only 
needed to log in with telnet, ssh, and so on.

i have installed inotify tools and seems that on local directory no files are 
opened.
in the domain master SANTARCAGELO instead there are at least one access in the 
home directory, but only in /home and /home/username.

here the output of testparm, stripped of shares "comune", "printers" 
e "print$".

any help would be welcome, also rtfm and link to howto/manuals.

config of santarcangelo:
---
[global]
        workgroup = SANTARCANGELO
        netbios name = SANTARCANGELO
        server string = Santarcangelo Samba Server
        interfaces = 192.168.0.0/16
        username map = /etc/samba/smbusers
        password level = 8
        username level = 8
        log file = /var/log/samba/log.%m
        max log size = 1000
        name resolve order = wins host lmhosts bcast
        unix extensions = No
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = cups
        add machine script = /usr/sbin/useradd -d /dev/null -g machines -c  
'Machine Account' -s /bin/false '%m$'
        logon script = logon.bat
        logon path = \\%L\%U\.ntprofile
        logon drive = Z:
        logon home = \\%L\%U
        domain logons = Yes
        os level = 33
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind trusted domains only = Yes
        admin users = @root
        hosts allow = 127.0.0.1, 192.168.0.0/16, 172.16.0.0/24
        hide unreadable = Yes
        include = /etc/samba/smb.conf.santarcangelo-server

[homes]
        comment = Home Directory of %u
        read only = No
        create mask = 0644
        browseable = No

[netlogon]
        path = /var/lib/samba/netlogon/
        write list = @root
        browseable = No

[profiles]
        path = /home/%u/.ntprofiles
        read only = No
        create mask = 0600
        directory mask = 0700
---

config di centrostorico:
---
[global]
        workgroup = CENTROSTORICO
        netbios name = CENTROSTORICO
        server string = Centro Storico Samba Server
        interfaces = 192.168.0.0/16
        username map = /etc/samba/smbusers
        password level = 8
        username level = 8
        log file = /var/log/samba/log.%m
        max log size = 1000
        name resolve order = wins host lmhosts bcast
        unix extensions = No
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = cups
        add machine script = /usr/sbin/useradd -d /dev/null -g machines -c  
'Machine Account' -s /bin/false '%m$'
        logon script = logon.bat
        logon path = \\%L\%U\.ntprofile
        logon drive = Z:
        logon home = \\%L\%U
        domain logons = Yes
        os level = 33
        preferred master = Yes
        domain master = Yes
        wins proxy = Yes
        wins server = 192.168.0.1
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind trusted domains only = Yes
        admin users = @root
        hosts allow = 127.0.0.1, 192.168.0.0/16, 172.16.0.0/24
        hide unreadable = Yes
        include = /etc/samba/smb.conf.centrostorico-server

[homes]
        comment = Home Directory of %u
        read only = No
        create mask = 0644
        browseable = No

[netlogon]
        path = /var/lib/samba/netlogon/
        write list = @root
        browseable = No

[profiles]
        path = /home/%u/.ntprofiles
        read only = No
        create mask = 0600
        directory mask = 0700
---

thanks a lot!
d.

More information about the samba mailing list