[Samba] winbind and remote users

devel at thom.fr.eu.org devel at thom.fr.eu.org
Fri Jul 4 16:21:33 GMT 2008


I think you're investigating in the wrong direction. As far as I
understood (I may be mistaken too) a user of SANTARCANGELO domain, even if
it logs on another domain's machine is still a SANTARCANGELO domain's
user. That means, the user properties (home directory, profile path, ...)
come from SANTARCANGELO domain PDC.

What you should check is whether the SANTARCANGELO domain's user logged on
a CENTROSTORICO domain's machine can still access (by browsing the network
neighbourhood for instance) his home directory (wherever it resides in the
SANTARCANGELO domain) from this "foreign" machine.

François

> hi.
>
> i'm using samba 3.0.30 from gentoo (emerge).
> [ebuild   R   ] net-fs/samba-3.0.30  USE="acl cups ipv6 pam python
> quotas readline winbind -ads -async -automount -caps -doc -examples
> -fam -ldap (-selinux) -swat -syslog" LINGUAS="-ja -pl" 20,030 kB
>
> i didn't find many howtos on this...
> but i did read the howto
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html
>
> the network is connected via openvpn, with a "central" wins server and
> other pdc client of it.
> i didn't set up an ldap because the user base is very small (2-4 per
> site).
> i have set up the relationship between domains, and tested it with wbinfo.
> also, getent passwd give me all the clients of all domains.
>
> now, a user A from domain SANTARCANGELO has to log in on a CENTROSTORICO
> domain member machine.
>
> the user is correctly authenticated, but it does not load the home
> directory.
> so i set up:
> ---
> template homedir = /home/winbind/%D/%U
> template shell = /bin/false
> ---
> so i have created directory SANTARCANGELO in /home/winbind/ of
> CENTROSTORICO and then i copied the whole profile inside SANTARCANGELO
> with rsync, and chowned it.
> does not work.
>
> so copied the home directory of user in /home of CENTROSTORICO.
> does not work anyway.
>
> now i have commented the two "template" lines cause seems that they are
> only needed to log in with telnet, ssh, and so on.
>
> i have installed inotify tools and seems that on local directory no files
> are opened.
> in the domain master SANTARCANGELO instead there is at least one access in
> the home directory, but only in /home and /home/username.
>
> here the output of testparm, stripped of shares "comune", "printers"
> and "print$".
>
> any help would be welcome, also rtfm and link to howto/manuals.
>
> config of santarcangelo:
> ---
> [global]
>         workgroup = SANTARCANGELO
>         netbios name = SANTARCANGELO
>         server string = Santarcangelo Samba Server
>         interfaces = 192.168.0.0/16
>         username map = /etc/samba/smbusers
>         password level = 8
>         username level = 8
>         log file = /var/log/samba/log.%m
>         max log size = 1000
>         name resolve order = wins host lmhosts bcast
>         unix extensions = No
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         printcap name = cups
>         add machine script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false '%m$'
>         logon script = logon.bat
>         logon path = \\%L\%U\.ntprofile
>         logon drive = Z:
>         logon home = \\%L\%U
>         domain logons = Yes
>         os level = 33
>         preferred master = Yes
>         domain master = Yes
>         wins support = Yes
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         winbind enum users = Yes
>         winbind enum groups = Yes
>         winbind use default domain = Yes
>         winbind trusted domains only = Yes
>         admin users = @root
>         hosts allow = 127.0.0.1, 192.168.0.0/16, 172.16.0.0/24
>         hide unreadable = Yes
>         include = /etc/samba/smb.conf.santarcangelo-server
>
> [homes]
>         comment = Home Directory of %u
>         read only = No
>         create mask = 0644
>         browseable = No
>
> [netlogon]
>         path = /var/lib/samba/netlogon/
>         write list = @root
>         browseable = No
>
> [profiles]
>         path = /home/%u/.ntprofiles
>         read only = No
>         create mask = 0600
>         directory mask = 0700
> ---
>
> config of centrostorico:
> ---
> [global]
>         workgroup = CENTROSTORICO
>         netbios name = CENTROSTORICO
>         server string = Centro Storico Samba Server
>         interfaces = 192.168.0.0/16
>         username map = /etc/samba/smbusers
>         password level = 8
>         username level = 8
>         log file = /var/log/samba/log.%m
>         max log size = 1000
>         name resolve order = wins host lmhosts bcast
>         unix extensions = No
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         printcap name = cups
>         add machine script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false '%m$'
>         logon script = logon.bat
>         logon path = \\%L\%U\.ntprofile
>         logon drive = Z:
>         logon home = \\%L\%U
>         domain logons = Yes
>         os level = 33
>         preferred master = Yes
>         domain master = Yes
>         wins proxy = Yes
>         wins server = 192.168.0.1
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         winbind enum users = Yes
>         winbind enum groups = Yes
>         winbind use default domain = Yes
>         winbind trusted domains only = Yes
>         admin users = @root
>         hosts allow = 127.0.0.1, 192.168.0.0/16, 172.16.0.0/24
>         hide unreadable = Yes
>         include = /etc/samba/smb.conf.centrostorico-server
>
> [homes]
>         comment = Home Directory of %u
>         read only = No
>         create mask = 0644
>         browseable = No
>
> [netlogon]
>         path = /var/lib/samba/netlogon/
>         write list = @root
>         browseable = No
>
> [profiles]
>         path = /home/%u/.ntprofiles
>         read only = No
>         create mask = 0600
>         directory mask = 0700
> ---
>
> thanks a lot!
> d.


-- 
François Legal
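
Added example, not part of the original thread: a small Python sketch that expands the settings quoted above to show the two separate home paths in play, the one the user's own PDC supplies for a Windows logon and the one winbind reports on the Unix side of the foreign host. The account name "userA" and the trimmed config excerpts are constructed for illustration.

```python
import configparser

# Constructed excerpts of the two [global] sections quoted in the thread.
# "userA" is a made-up account name; the template lines are the ones the
# original poster tried on the CENTROSTORICO side.
SANTARCANGELO_CONF = r"""
[global]
workgroup = SANTARCANGELO
netbios name = SANTARCANGELO
logon path = \\%L\%U\.ntprofile
logon drive = Z:
logon home = \\%L\%U
"""
CENTROSTORICO_CONF = r"""
[global]
workgroup = CENTROSTORICO
netbios name = CENTROSTORICO
template homedir = /home/winbind/%D/%U
template shell = /bin/false
"""

def load_global(text):
    """Parse smb.conf-style text and return the [global] options as a dict."""
    cp = configparser.RawConfigParser(delimiters=("=",))
    cp.read_string(text)
    return dict(cp["global"])

def expand(value, user, domain, server):
    """Substitute the three smb.conf variables used in the quoted settings."""
    for macro, repl in (("%U", user), ("%D", domain), ("%L", server)):
        value = value.replace(macro, repl)
    return value

def windows_logon_paths(account_pdc, user):
    """Paths the user's own PDC supplies for a Windows domain logon."""
    dom, srv = account_pdc["workgroup"], account_pdc["netbios name"]
    return {k: expand(account_pdc[k], user, dom, srv)
            for k in ("logon home", "logon path", "logon drive")}

def winbind_unix_home(member, user, user_domain):
    """Home directory winbind reports through NSS on the foreign host."""
    return expand(member["template homedir"], user, user_domain,
                  member["netbios name"])

if __name__ == "__main__":
    pdc = load_global(SANTARCANGELO_CONF)
    print(windows_logon_paths(pdc, "userA"))
    print(winbind_unix_home(load_global(CENTROSTORICO_CONF), "userA", pdc["workgroup"]))
```

The Windows logon paths all point at the SANTARCANGELO server, so the share to test from the foreign machine is the one on that server, not a copy under /home/winbind on CENTROSTORICO.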

