[Samba] Making Linux and domain users the same

org-samba at freed.com org-samba at freed.com
Sat Mar 2 06:44:34 MST 2013

> Is your /etc/nsswitch.conf setup to use winbind?

Yes -- and winbindd is running.  

passwd:     files nis winbind
group:      files nis winbind

Without winbindd, I don't think Windows users could access the shares at all.  It's a good question, though; you have reminded me to mention that the users in question aren't actually "local," they come into the system via NIS -- managed by a very old Solaris 6 machine.  (!)

Don't ask why we're doing it this way; I've inherited the network.  I might be able to eliminate NIS authentication, but things are so entwined that I'm reluctant to do so before I've updated some of the other systems.

(I don't think NIS changes anything about this question, but it's better to have all the facts.)

----- Original Message -----
From: "John Drescher" <drescherjm at gmail.com>
To: org-samba at freed.com, "samba" <samba at lists.samba.org>
Sent: Saturday, March 2, 2013 7:38:56 AM GMT -05:00 US/Canada Eastern
Subject: Re: [Samba] Making Linux and domain users the same

On Sat, Mar 2, 2013 at 4:21 AM,  <org-samba at freed.com> wrote:
> I have a set of Linux boxes with (nearly) working Samba configurations.  Windows users can get in and work with shares.  My one problem is that the local  user "joe" is not the same as the domain user that logs into Samba.  And that means that users cannot access their own home directories, unless I relax the Linux permissions.
> This is not surprising, given the way Samba was configured -- but the question now is "how can I fix it?"  I have played with the usermap, but haven't gotten that to work.  And I would prefer not to have to map every user on every target box; there are a lot of them.  It seems likely that there should be a global solution to this.
> The evidence for the problem is clear.  Below is a listing of directory containing two files:  one created under by the local Linux user, and one created by the same user on a Windows box connecting to the share:
> $ ls -l
> total 4
> -rw-r--r-- 1 joe    users        3 Mar  2 03:40 File_Created_In_Linux
> -rwxrw-rw- 1 joe    domain users 3 Mar  1 13:12 File_Created_In_Windows
> $ ls -n
> total 4
> -rw-r--r-- 1    12903      100 3 Mar  2 03:40 File_Created_In_Linux
> -rwxrw-rw- 1 16777217 16777216 3 Mar  1 13:12 File_Created_In_Windows
> And here is the Samba config:
> [global]
>         workgroup = XXXXX
>         realm = XXXXX.com
>         netbios aliases = XXXXX
>         security = DOMAIN
>         password server = XXXXX
>         wins server = XXXXX
>         ldap ssl = no
>         idmap uid = 16777216-33554431
>         idmap gid = 16777216-33554431
>         template homedir = /usr/acct/%U
>         template shell = /bin/tcsh
>         winbind cache time = 5
>         winbind use default domain = Yes
>         create mask = 0777
>         directory mask = 0777
> [myshare]
>         path = /shares/test
>         read only = No
> [homes]
>         read only = No
> --
> Thanks in advance for any light you might shine on this.

Is your /etc/nsswitch.conf setup to use winbind?


More information about the samba mailing list