[Samba] Please, help me clarify (winbind).

Mon Feb 21 01:58:25 MST 2011

What do you mean with acl's. Did you do the acl' s from windows. My attempts
to do this failed every time. The only way make this
work is under samba4.
With samba3 I had to tune it within my share definitions in my smb.conf.
create mask and so on.....
Now with this it is nearly impossible to have by ex. two different groups
manage their files (as in windows) on one share.
So you have to make a large group with all the users having write perms and
on the other side a group to have read perms.
You may test   #vfs objects = acl_xattr

-----------------------------------------------
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------

-----Ursprüngliche Nachricht-----
Von: Aleix Dorca [mailto:adorca at uda.ad] 
Gesendet: Montag, 21. Februar 2011 09:33
An: mueller at tropenklinik.de
Cc: samba at lists.samba.org
Betreff: Re: AW: [Samba] Please, help me clarify (winbind).

Daniel, thanks for your answer.

What you say it is absolutely true. That was my first attempt to get things
woking, avoid if possible Winbind, and IT DID work UNTIL I added ACL's on
shares. After that it seems winbind was unavoidable. Then all the confusion
began.

Still stuck, I'm afraid.

Aleix.

El 21/02/2011, a las 9:11, Daniel Müller escribió:

> If I have understood right:you have a PDC/LDAP-Samba!!! And no Windows
> Server and no Windows ADS so you do not need winbind at all.
> Just make the Windows Server a member of your Samba-Server that’s it.
> 
> -----------------------------------------------
> EDV Daniel Müller
> 
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> 
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
> -----------------------------------------------
> 
> -----Ursprüngliche Nachricht-----
> Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
Im
> Auftrag von Aleix Dorca
> Gesendet: Samstag, 19. Februar 2011 21:40
> An: samba at lists.samba.org
> Betreff: [Samba] Please, help me clarify (winbind).
> 
> Hi again,
> 
> still struggling with winbind and trying to understand how it is supposed
to
> work. Let's see if someone can answer a simple resolution question so I
can
> see if something is wrong with my setup.
> 
> One PDC/LDAP (no winbind), nss with ldap. This works fine as far as I can
> tell.
> 
> The other machine is a DMS. Let's say I have an entry like this on my
> 'getent passwd' (via LDAP):
> 
> adorca:x:10033:513:Aleix Dorca:/home/adorca:/bin/bash
> 
> As far as I can tell this user's uid is 10033.
> 
> So, now the question: If a windows machine should connect to this server
> what would winbind return as uid number? 10033 via NSS_LDAP or a new
mapping
> stored/created on my LDAP Server. And would this user be treated as a
> 'Domain User' or as a 'Unix User'?
> 
> The Samba How-To Collections states on 'Winbind with NSS to resolve
> UNIX/Linux user and group IDs':
> 
> "The use of the LDAP-based passdb backend requires use of the PADL
nss_ldap
> utility or an equivalent. In this situation winbind is used to handle
> foreign SIDs, that is, SIDs from standalone Windows clients (i.e., not a
> member of our domain) as well as SIDs from another domain. The foreign
> UID/GID is mapped from allocated ranges (idmap uid and idmap gid) in
> precisely the same manner as when using winbind with a local IDMAP table."
> 
> As I understand this having NSS with Ldap an winbind running a query to
user
> 'adorca' should return uid=10033 and not a new idmap mapping. Is this
> correct?
> 
> Please someone answer... I'm about to loose it trying to understand how
this
> should work.
> 
> Thanks,
> 
> Aleix.
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 