[Samba] winbind bug?
Doug Tucker
tuckerd at lyle.smu.edu
Thu Mar 27 12:25:29 MDT 2014
[root at lylesmb1 samba]# getent passwd tuckerd
tuckerd:vpEMa0kDPwsvM:4011:500:Doug Tucker:/users4/enoc/tuckerd:/bin/bash
[root at lylesmb1 samba]# getent passwd jghorbanian
jghorbanian:pgPJ8tAYoZaFo:11333:450:Jafar
Ghorbanian:/users5/megrad/jghorbanian:/bin/bash
[root at lylesmb1 samba]# id tuckerd
uid=4011(tuckerd) gid=500(seasadm) groups=500(seasadm)
[root at lylesmb1 samba]# id jghorbanian
uid=11333(jghorbanian) gid=450(cmegrad) groups=450(cmegrad)
tuckerd works
jghorbanian does not work...on windows 7...works on windows XP...note
his unix ID# > 11000...i changed his unix id to 3308 and then he worked
just fine.
Sincerely,
Doug Tucker
On 03/27/2014 01:12 PM, Chan Min Wai wrote:
> did getent passwd username
>
> or id username show something strange?
>
>
>
> On Fri, Mar 28, 2014 at 2:08 AM, Doug Tucker <tuckerd at lyle.smu.edu
> <mailto:tuckerd at lyle.smu.edu>> wrote:
>
> On 03/27/2014 12:51 PM, Chan Min Wai wrote:
>
> Hi Doung,
>
> Quote you statement "configuration and held the unix uid's,
> etc..that this would tell samba to look to AD for those values
> (which concerns me to put that in and break all the existing
> users) and we certainly do not have that in our AD here"
>
> If your AD users don't have unix uid , home dir, shell...
>
> It gets this from unix. We merely pass the login credentials to
> AD for authentication. Then we map to the unix side for unix uid,
> home dir. This directive maps the unix users to a corresponding
> AD user:
>
> # Unix users can map to different SMB User names
> username map = /etc/samba/domain_user.map
>
>
>
> If you don't have unix uid, winbind will not read this users...
>
> All users are being read by winbind, even the ones that are
> failing..those with unix ID > 11000. I can show you the logs on a
> failed user. They pass authentication. Their unix id is correct.
> Samba presents then their home directory, and then suddenly drops
> to "access denied".
>
> Not to throw confusion in it as I am trying to get some focus on
> this fact that unix ID > 11000 fails on windows 7..but, if I
> change the home directory permissions on the unix side from 700
> (standard) to 777...the user that *was* failing can then map the
> directory, and when they write files, it is written with the
> correct permissions.
>
>
>
>
>
>
More information about the samba
mailing list