samba - Feb 2002 - winbind problem with existing linux user accounts. (S amba 2.2.3a)

Thank you for your reply.  
Below are the entries for winbind I have in my smb.conf.  Do you see any
problems with them?

# separate domain and username with '+', like DOMAIN+username
winbind separator = +
# use uids from 10000 to 20000 for domain users
winbind uid = 10000-20000
# user gids from 10000 to 20000 for domain groups
winbind gid = 10000-20000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
# give winbind users a real shell (only needed if they have telnet access)
template shell = /bin/bash
template homedir = /home/%U


In addition this is what I currently have for my pam.d/samba file:

auth 		sufficient	/lib/security/pam_winbind.so
auth		required	/lib/security/pam_stack.so
service=system-auth
auth		required	/lib/security/pam_stack.so
service=system-auth use_first_pass
account	required	/lib/security/pam_stack.so service=system-auth 

Would you mind recommending what other courses of action I should pursue?  

	Thanks in advance,
	John Matthews

-----Original Message-----
From: Ariel Mella [mailto:samba@nebula-sa.com.ar]
Sent: Tuesday, February 26, 2002 12:47 PM
To: Matthews, John; samba@lists.samba.org
Subject: Re: [Samba] winbind problem with existing linux user accounts.
(Samba 2.2.3a)


Mathews:

In your smb.conf you have to put somewhere whats uids winbind can take off.
[global]
winbind uid = 10000-20000
winbind gid = 10000-20000
this maps each ad or pdc account to a valid unix id.
this means that the user "fred" you are mentioning have already a uid
in the
linux+winbind box.
but if you already have a "fred" account in the linux box and a
"fred"
account in the ad or pdc and winbind is running the results is a unix
account and ad or pdc account that ar equal in name "fred" but
different
uid.
i think that this is your problem.
> Hello,
>
> I'm experiencing a frustrating problem configuring winbind and Samba
> 2.2.3a on a Red Hat Linux 7.2 server.  I would appreciate ANY help and/or
> advice.  I have read the documentation which comes with the samba source,
> but I'm still having problems. I can successfully see the Windows
> Users/Groups through Linux, using "wbinfo -u", "wbinfo
-g", "getent
passwd",
> and "getent group".  I think my problem might be related to the
pam.d/samba
> file, but I'm not sure how to fix it.
>
> Configuration: Red Hat Linux 7.2, Samba 2.2.3a with winbind. Primary
> Domain Controller is a Windows 2000 machine.
> Here's my problem:
>
> A user "fred" logs into his Windows 2000 PC, and attempts to
access
> through Samba his /home/fred directory.
> 1. If "fred" is a normal linux user, and has an entry in
> /etc/passwd AND winbind is loaded then I receive an error  "The
network
name
> cannot be found.".  Samba seems able to determine that
"fred" is a linux
> user and shows the corresponding [homes] directory, I'm just not able
to
> access the home directory.  I was thinking that this might be related to
the
> UID's being different between the linux account of "fred" and
the windbind
> account "domain+fred".
> 2. If "fred" does the same thing as above, but this time
> winbind isn't loaded (I need to restart smb after killing the winbind
> process) then everything works as I want.  The problem is that now with
> winbind not loaded, Windows Users who don't have a Linux account are
unable
> to access most of the Linux shares.
>
> I'm hoping there's a way to fix this.  Ideally I'd like to
allow
> everyone to access the Samba share on the linux server, if a user has a
> linux account then in addition I'd like their linux home directory to
be
> displayed as well.
>
> Thanks in advance for help,
> John Matthews
>
>
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

John,

Just a quick idea - is this not a permissions thing ?  Surely the owner of
/home/fred should be domain+fred - try a 'chown domain+fred.domain+fred
/etc/home/fred' and see if that helps. With winbind running the network user
will be domain+fred and the right permissions are in place.

Noel

-----Original Message-----
From: Matthews, John [mailto:JMatthews@LIO.AACISD.com]
Sent: 26 February 2002 18:32
To: 'Ariel Mella'
Cc: samba@lists.samba.org
Subject: RE: [Samba] winbind problem with existing linux user accounts.
(S amba 2.2.3a)


Thank you for your reply.  
Below are the entries for winbind I have in my smb.conf.  Do you see any
problems with them?

# separate domain and username with '+', like DOMAIN+username
winbind separator = +
# use uids from 10000 to 20000 for domain users
winbind uid = 10000-20000
# user gids from 10000 to 20000 for domain groups
winbind gid = 10000-20000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
# give winbind users a real shell (only needed if they have telnet access)
template shell = /bin/bash
template homedir = /home/%U


In addition this is what I currently have for my pam.d/samba file:

auth 		sufficient	/lib/security/pam_winbind.so
auth		required	/lib/security/pam_stack.so
service=system-auth
auth		required	/lib/security/pam_stack.so
service=system-auth use_first_pass
account	required	/lib/security/pam_stack.so service=system-auth 

Would you mind recommending what other courses of action I should pursue?  

	Thanks in advance,
	John Matthews

-----Original Message-----
From: Ariel Mella [mailto:samba@nebula-sa.com.ar]
Sent: Tuesday, February 26, 2002 12:47 PM
To: Matthews, John; samba@lists.samba.org
Subject: Re: [Samba] winbind problem with existing linux user accounts.
(Samba 2.2.3a)


Mathews:

In your smb.conf you have to put somewhere whats uids winbind can take off.
[global]
winbind uid = 10000-20000
winbind gid = 10000-20000
this maps each ad or pdc account to a valid unix id.
this means that the user "fred" you are mentioning have already a uid
in the
linux+winbind box.
but if you already have a "fred" account in the linux box and a
"fred"
account in the ad or pdc and winbind is running the results is a unix
account and ad or pdc account that ar equal in name "fred" but
different
uid.
i think that this is your problem.
> Hello,
>
> I'm experiencing a frustrating problem configuring winbind and Samba
> 2.2.3a on a Red Hat Linux 7.2 server.  I would appreciate ANY help and/or
> advice.  I have read the documentation which comes with the samba source,
> but I'm still having problems. I can successfully see the Windows
> Users/Groups through Linux, using "wbinfo -u", "wbinfo
-g", "getent
passwd",
> and "getent group".  I think my problem might be related to the
pam.d/samba
> file, but I'm not sure how to fix it.
>
> Configuration: Red Hat Linux 7.2, Samba 2.2.3a with winbind. Primary
> Domain Controller is a Windows 2000 machine.
> Here's my problem:
>
> A user "fred" logs into his Windows 2000 PC, and attempts to
access
> through Samba his /home/fred directory.
> 1. If "fred" is a normal linux user, and has an entry in
> /etc/passwd AND winbind is loaded then I receive an error  "The
network
name
> cannot be found.".  Samba seems able to determine that
"fred" is a linux
> user and shows the corresponding [homes] directory, I'm just not able
to
> access the home directory.  I was thinking that this might be related to
the
> UID's being different between the linux account of "fred" and
the windbind
> account "domain+fred".
> 2. If "fred" does the same thing as above, but this time
> winbind isn't loaded (I need to restart smb after killing the winbind
> process) then everything works as I want.  The problem is that now with
> winbind not loaded, Windows Users who don't have a Linux account are
unable
> to access most of the Linux shares.
>
> I'm hoping there's a way to fix this.  Ideally I'd like to
allow
> everyone to access the Samba share on the linux server, if a user has a
> linux account then in addition I'd like their linux home directory to
be
> displayed as well.
>
> Thanks in advance for help,
> John Matthews
>
>
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Hi Noel,

	Sorry I didn't explain my problem better. 

	The user "fred" is a linux user, who does most of their work in
linux.  I'd like to have their /home/fred directory available for browsing
when they are working in windows, which happens once in a while.   My
understanding of winbind is pretty shaky, but I was under the impression
that when "fred" is logged onto windows and accesses their home
directory
through SAMBA, winbind would kick in and name them "domain+fred" and
then
assign them a different UID than the user "fred" normally has.  
I'd like to
avoid changing the owner of /home/fred to "domain+fred", because then
I
would prohibit "fred" from working in their normal linux environment.

	Ideally I'd like some way to tell winbind to not do anything if an
entry for that user name exists in passwd.  Maybe I'm going in the wrong
direction in using winbind.  Would it be possible to set up Samba so that it
would authenticate already existing entries in the passwd file with the
user's NT password, and then map all users without passwd entries to a
generic user account with read only permission?  I was looking for a way to
allow users with a linux account to keep two separate passwords, a linux
password and windows password.  Then when the user is in windows they could
access their files through Samba using the windows password.


	Thank you for taking the time to answer,
	John 



-----Original Message-----
From: Noel Kelly [mailto:nkelly@tarsus.co.uk]
Sent: Tuesday, February 26, 2002 2:33 PM
To: 'Matthews, John'; 'Ariel Mella'
Cc: samba@lists.samba.org
Subject: RE: [Samba] winbind problem with existing linux user accounts.
(S amba 2.2.3a)


John,

Just a quick idea - is this not a permissions thing ?  Surely the owner of
/home/fred should be domain+fred - try a 'chown domain+fred.domain+fred
/etc/home/fred' and see if that helps. With winbind running the network user
will be domain+fred and the right permissions are in place.

Noel

-----Original Message-----
From: Matthews, John [mailto:JMatthews@LIO.AACISD.com]
Sent: 26 February 2002 18:32
To: 'Ariel Mella'
Cc: samba@lists.samba.org
Subject: RE: [Samba] winbind problem with existing linux user accounts.
(S amba 2.2.3a)


Thank you for your reply.  
Below are the entries for winbind I have in my smb.conf.  Do you see any
problems with them?

# separate domain and username with '+', like DOMAIN+username
winbind separator = +
# use uids from 10000 to 20000 for domain users
winbind uid = 10000-20000
# user gids from 10000 to 20000 for domain groups
winbind gid = 10000-20000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
# give winbind users a real shell (only needed if they have telnet access)
template shell = /bin/bash
template homedir = /home/%U


In addition this is what I currently have for my pam.d/samba file:

auth 		sufficient	/lib/security/pam_winbind.so
auth		required	/lib/security/pam_stack.so
service=system-auth
auth		required	/lib/security/pam_stack.so
service=system-auth use_first_pass
account	required	/lib/security/pam_stack.so service=system-auth 

Would you mind recommending what other courses of action I should pursue?  

	Thanks in advance,
	John Matthews

-----Original Message-----
From: Ariel Mella [mailto:samba@nebula-sa.com.ar]
Sent: Tuesday, February 26, 2002 12:47 PM
To: Matthews, John; samba@lists.samba.org
Subject: Re: [Samba] winbind problem with existing linux user accounts.
(Samba 2.2.3a)


Mathews:

In your smb.conf you have to put somewhere whats uids winbind can take off.
[global]
winbind uid = 10000-20000
winbind gid = 10000-20000
this maps each ad or pdc account to a valid unix id.
this means that the user "fred" you are mentioning have already a uid
in the
linux+winbind box.
but if you already have a "fred" account in the linux box and a
"fred"
account in the ad or pdc and winbind is running the results is a unix
account and ad or pdc account that ar equal in name "fred" but
different
uid.
i think that this is your problem.
> Hello,
>
> I'm experiencing a frustrating problem configuring winbind and Samba
> 2.2.3a on a Red Hat Linux 7.2 server.  I would appreciate ANY help and/or
> advice.  I have read the documentation which comes with the samba source,
> but I'm still having problems. I can successfully see the Windows
> Users/Groups through Linux, using "wbinfo -u", "wbinfo
-g", "getent
passwd",
> and "getent group".  I think my problem might be related to the
pam.d/samba
> file, but I'm not sure how to fix it.
>
> Configuration: Red Hat Linux 7.2, Samba 2.2.3a with winbind. Primary
> Domain Controller is a Windows 2000 machine.
> Here's my problem:
>
> A user "fred" logs into his Windows 2000 PC, and attempts to
access
> through Samba his /home/fred directory.
> 1. If "fred" is a normal linux user, and has an entry in
> /etc/passwd AND winbind is loaded then I receive an error  "The
network
name
> cannot be found.".  Samba seems able to determine that
"fred" is a linux
> user and shows the corresponding [homes] directory, I'm just not able
to
> access the home directory.  I was thinking that this might be related to
the
> UID's being different between the linux account of "fred" and
the windbind
> account "domain+fred".
> 2. If "fred" does the same thing as above, but this time
> winbind isn't loaded (I need to restart smb after killing the winbind
> process) then everything works as I want.  The problem is that now with
> winbind not loaded, Windows Users who don't have a Linux account are
unable
> to access most of the Linux shares.
>
> I'm hoping there's a way to fix this.  Ideally I'd like to
allow
> everyone to access the Samba share on the linux server, if a user has a
> linux account then in addition I'd like their linux home directory to
be
> displayed as well.
>
> Thanks in advance for help,
> John Matthews
>
>
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

John,

Maybe I am still off your track here, but I think what you need is the PAM
module for Samba.  This allows you to use winbind for authentication to both
the local machine and via the network. Have a look at Chapter 3 in the Samba
Proj Doc.

Noel

-----Original Message-----
From: Matthews, John [mailto:JMatthews@LIO.AACISD.com]
Sent: 26 February 2002 20:15
To: 'Noel Kelly'
Cc: 'samba@lists.samba.org'
Subject: RE: [Samba] winbind problem with existing linux user accounts.
(S amba 2.2.3a)


Hi Noel,

	Sorry I didn't explain my problem better. 

	The user "fred" is a linux user, who does most of their work in
linux.  I'd like to have their /home/fred directory available for browsing
when they are working in windows, which happens once in a while.   My
understanding of winbind is pretty shaky, but I was under the impression
that when "fred" is logged onto windows and accesses their home
directory
through SAMBA, winbind would kick in and name them "domain+fred" and
then
assign them a different UID than the user "fred" normally has.  
I'd like to
avoid changing the owner of /home/fred to "domain+fred", because then
I
would prohibit "fred" from working in their normal linux environment.

	Ideally I'd like some way to tell winbind to not do anything if an
entry for that user name exists in passwd.  Maybe I'm going in the wrong
direction in using winbind.  Would it be possible to set up Samba so that it
would authenticate already existing entries in the passwd file with the
user's NT password, and then map all users without passwd entries to a
generic user account with read only permission?  I was looking for a way to
allow users with a linux account to keep two separate passwords, a linux
password and windows password.  Then when the user is in windows they could
access their files through Samba using the windows password.


	Thank you for taking the time to answer,
	John 



-----Original Message-----
From: Noel Kelly [mailto:nkelly@tarsus.co.uk]
Sent: Tuesday, February 26, 2002 2:33 PM
To: 'Matthews, John'; 'Ariel Mella'
Cc: samba@lists.samba.org
Subject: RE: [Samba] winbind problem with existing linux user accounts.
(S amba 2.2.3a)


John,

Just a quick idea - is this not a permissions thing ?  Surely the owner of
/home/fred should be domain+fred - try a 'chown domain+fred.domain+fred
/etc/home/fred' and see if that helps. With winbind running the network user
will be domain+fred and the right permissions are in place.

Noel

-----Original Message-----
From: Matthews, John [mailto:JMatthews@LIO.AACISD.com]
Sent: 26 February 2002 18:32
To: 'Ariel Mella'
Cc: samba@lists.samba.org
Subject: RE: [Samba] winbind problem with existing linux user accounts.
(S amba 2.2.3a)


Thank you for your reply.  
Below are the entries for winbind I have in my smb.conf.  Do you see any
problems with them?

# separate domain and username with '+', like DOMAIN+username
winbind separator = +
# use uids from 10000 to 20000 for domain users
winbind uid = 10000-20000
# user gids from 10000 to 20000 for domain groups
winbind gid = 10000-20000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
# give winbind users a real shell (only needed if they have telnet access)
template shell = /bin/bash
template homedir = /home/%U


In addition this is what I currently have for my pam.d/samba file:

auth 		sufficient	/lib/security/pam_winbind.so
auth		required	/lib/security/pam_stack.so
service=system-auth
auth		required	/lib/security/pam_stack.so
service=system-auth use_first_pass
account	required	/lib/security/pam_stack.so service=system-auth 

Would you mind recommending what other courses of action I should pursue?  

	Thanks in advance,
	John Matthews

-----Original Message-----
From: Ariel Mella [mailto:samba@nebula-sa.com.ar]
Sent: Tuesday, February 26, 2002 12:47 PM
To: Matthews, John; samba@lists.samba.org
Subject: Re: [Samba] winbind problem with existing linux user accounts.
(Samba 2.2.3a)


Mathews:

In your smb.conf you have to put somewhere whats uids winbind can take off.
[global]
winbind uid = 10000-20000
winbind gid = 10000-20000
this maps each ad or pdc account to a valid unix id.
this means that the user "fred" you are mentioning have already a uid
in the
linux+winbind box.
but if you already have a "fred" account in the linux box and a
"fred"
account in the ad or pdc and winbind is running the results is a unix
account and ad or pdc account that ar equal in name "fred" but
different
uid.
i think that this is your problem.
> Hello,
>
> I'm experiencing a frustrating problem configuring winbind and Samba
> 2.2.3a on a Red Hat Linux 7.2 server.  I would appreciate ANY help and/or
> advice.  I have read the documentation which comes with the samba source,
> but I'm still having problems. I can successfully see the Windows
> Users/Groups through Linux, using "wbinfo -u", "wbinfo
-g", "getent
passwd",
> and "getent group".  I think my problem might be related to the
pam.d/samba
> file, but I'm not sure how to fix it.
>
> Configuration: Red Hat Linux 7.2, Samba 2.2.3a with winbind. Primary
> Domain Controller is a Windows 2000 machine.
> Here's my problem:
>
> A user "fred" logs into his Windows 2000 PC, and attempts to
access
> through Samba his /home/fred directory.
> 1. If "fred" is a normal linux user, and has an entry in
> /etc/passwd AND winbind is loaded then I receive an error  "The
network
name
> cannot be found.".  Samba seems able to determine that
"fred" is a linux
> user and shows the corresponding [homes] directory, I'm just not able
to
> access the home directory.  I was thinking that this might be related to
the
> UID's being different between the linux account of "fred" and
the windbind
> account "domain+fred".
> 2. If "fred" does the same thing as above, but this time
> winbind isn't loaded (I need to restart smb after killing the winbind
> process) then everything works as I want.  The problem is that now with
> winbind not loaded, Windows Users who don't have a Linux account are
unable
> to access most of the Linux shares.
>
> I'm hoping there's a way to fix this.  Ideally I'd like to
allow
> everyone to access the Samba share on the linux server, if a user has a
> linux account then in addition I'd like their linux home directory to
be
> displayed as well.
>
> Thanks in advance for help,
> John Matthews
>
>
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

I think your suggestion makes a lot of sense.  I'm just not sure how
to set PAM up correctly for Red Hat 7.2.  I got confused with the "auth
required /lib/security/pam_stack.so service=system-auth".  I don't know
where I should modify the /etc/pam.d/samba file.  I attempted adding "auth
sufficient /lib/security/pam_winbind.so", but it doesn't appear to be
working.  I'm also not sure if I should modify the /etc/pam.d/system-auth
file, because it says it's an automatically generated file which is subject
to change. 

	Would you mind point me in the right direction of finding the "Samba
Proj Doc."?  This is the first time I've heard of it.  I've been
referring
to the little documentation that comes with the samba-2.2.3a.tar.gz in
regard to winbind.

	Thanks again,
	John 



-----Original Message-----
From: Noel Kelly [mailto:nkelly@tarsus.co.uk]
Sent: Wednesday, February 27, 2002 11:33 AM
To: 'Matthews, John'; Noel Kelly
Cc: 'samba@lists.samba.org'
Subject: RE: [Samba] winbind problem with existing linux user accounts.
(S amba 2.2.3a)


John,

Maybe I am still off your track here, but I think what you need is the PAM
module for Samba.  This allows you to use winbind for authentication to both
the local machine and via the network. Have a look at Chapter 3 in the Samba
Proj Doc.

Noel

-----Original Message-----
From: Matthews, John [mailto:JMatthews@LIO.AACISD.com]
Sent: 26 February 2002 20:15
To: 'Noel Kelly'
Cc: 'samba@lists.samba.org'
Subject: RE: [Samba] winbind problem with existing linux user accounts.
(S amba 2.2.3a)


Hi Noel,

	Sorry I didn't explain my problem better. 

	The user "fred" is a linux user, who does most of their work in
linux.  I'd like to have their /home/fred directory available for browsing
when they are working in windows, which happens once in a while.   My
understanding of winbind is pretty shaky, but I was under the impression
that when "fred" is logged onto windows and accesses their home
directory
through SAMBA, winbind would kick in and name them "domain+fred" and
then
assign them a different UID than the user "fred" normally has.  
I'd like to
avoid changing the owner of /home/fred to "domain+fred", because then
I
would prohibit "fred" from working in their normal linux environment.

	Ideally I'd like some way to tell winbind to not do anything if an
entry for that user name exists in passwd.  Maybe I'm going in the wrong
direction in using winbind.  Would it be possible to set up Samba so that it
would authenticate already existing entries in the passwd file with the
user's NT password, and then map all users without passwd entries to a
generic user account with read only permission?  I was looking for a way to
allow users with a linux account to keep two separate passwords, a linux
password and windows password.  Then when the user is in windows they could
access their files through Samba using the windows password.


	Thank you for taking the time to answer,
	John 



-----Original Message-----
From: Noel Kelly [mailto:nkelly@tarsus.co.uk]
Sent: Tuesday, February 26, 2002 2:33 PM
To: 'Matthews, John'; 'Ariel Mella'
Cc: samba@lists.samba.org
Subject: RE: [Samba] winbind problem with existing linux user accounts.
(S amba 2.2.3a)


John,

Just a quick idea - is this not a permissions thing ?  Surely the owner of
/home/fred should be domain+fred - try a 'chown domain+fred.domain+fred
/etc/home/fred' and see if that helps. With winbind running the network user
will be domain+fred and the right permissions are in place.

Noel

-----Original Message-----
From: Matthews, John [mailto:JMatthews@LIO.AACISD.com]
Sent: 26 February 2002 18:32
To: 'Ariel Mella'
Cc: samba@lists.samba.org
Subject: RE: [Samba] winbind problem with existing linux user accounts.
(S amba 2.2.3a)


Thank you for your reply.  
Below are the entries for winbind I have in my smb.conf.  Do you see any
problems with them?

# separate domain and username with '+', like DOMAIN+username
winbind separator = +
# use uids from 10000 to 20000 for domain users
winbind uid = 10000-20000
# user gids from 10000 to 20000 for domain groups
winbind gid = 10000-20000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
# give winbind users a real shell (only needed if they have telnet access)
template shell = /bin/bash
template homedir = /home/%U


In addition this is what I currently have for my pam.d/samba file:

auth 		sufficient	/lib/security/pam_winbind.so
auth		required	/lib/security/pam_stack.so
service=system-auth
auth		required	/lib/security/pam_stack.so
service=system-auth use_first_pass
account	required	/lib/security/pam_stack.so service=system-auth 

Would you mind recommending what other courses of action I should pursue?  

	Thanks in advance,
	John Matthews

-----Original Message-----
From: Ariel Mella [mailto:samba@nebula-sa.com.ar]
Sent: Tuesday, February 26, 2002 12:47 PM
To: Matthews, John; samba@lists.samba.org
Subject: Re: [Samba] winbind problem with existing linux user accounts.
(Samba 2.2.3a)


Mathews:

In your smb.conf you have to put somewhere whats uids winbind can take off.
[global]
winbind uid = 10000-20000
winbind gid = 10000-20000
this maps each ad or pdc account to a valid unix id.
this means that the user "fred" you are mentioning have already a uid
in the
linux+winbind box.
but if you already have a "fred" account in the linux box and a
"fred"
account in the ad or pdc and winbind is running the results is a unix
account and ad or pdc account that ar equal in name "fred" but
different
uid.
i think that this is your problem.
> Hello,
>
> I'm experiencing a frustrating problem configuring winbind and Samba
> 2.2.3a on a Red Hat Linux 7.2 server.  I would appreciate ANY help and/or
> advice.  I have read the documentation which comes with the samba source,
> but I'm still having problems. I can successfully see the Windows
> Users/Groups through Linux, using "wbinfo -u", "wbinfo
-g", "getent
passwd",
> and "getent group".  I think my problem might be related to the
pam.d/samba
> file, but I'm not sure how to fix it.
>
> Configuration: Red Hat Linux 7.2, Samba 2.2.3a with winbind. Primary
> Domain Controller is a Windows 2000 machine.
> Here's my problem:
>
> A user "fred" logs into his Windows 2000 PC, and attempts to
access
> through Samba his /home/fred directory.
> 1. If "fred" is a normal linux user, and has an entry in
> /etc/passwd AND winbind is loaded then I receive an error  "The
network
name
> cannot be found.".  Samba seems able to determine that
"fred" is a linux
> user and shows the corresponding [homes] directory, I'm just not able
to
> access the home directory.  I was thinking that this might be related to
the
> UID's being different between the linux account of "fred" and
the windbind
> account "domain+fred".
> 2. If "fred" does the same thing as above, but this time
> winbind isn't loaded (I need to restart smb after killing the winbind
> process) then everything works as I want.  The problem is that now with
> winbind not loaded, Windows Users who don't have a Linux account are
unable
> to access most of the Linux shares.
>
> I'm hoping there's a way to fix this.  Ideally I'd like to
allow
> everyone to access the Samba share on the linux server, if a user has a
> linux account then in addition I'd like their linux home directory to
be
> displayed as well.
>
> Thanks in advance for help,
> John Matthews
>
>
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

John, Have a look at the PAM section in here:

http://ie.samba.org/samba/docs/Samba-HOWTO-Collection.pdf

-----Original Message-----
From: Matthews, John [mailto:JMatthews@LIO.AACISD.com]
Sent: 27 February 2002 18:20
To: 'Noel Kelly'
Cc: samba@lists.samba.org
Subject: RE: [Samba] winbind problem with existing linux user accounts.
(S amba 2.2.3a)


	I think your suggestion makes a lot of sense.  I'm just not sure how
to set PAM up correctly for Red Hat 7.2.  I got confused with the "auth
required /lib/security/pam_stack.so service=system-auth".  I don't know
where I should modify the /etc/pam.d/samba file.  I attempted adding "auth
sufficient /lib/security/pam_winbind.so", but it doesn't appear to be
working.  I'm also not sure if I should modify the /etc/pam.d/system-auth
file, because it says it's an automatically generated file which is subject
to change. 

	Would you mind point me in the right direction of finding the "Samba
Proj Doc."?  This is the first time I've heard of it.  I've been
referring
to the little documentation that comes with the samba-2.2.3a.tar.gz in
regard to winbind.

	Thanks again,
	John 



-----Original Message-----
From: Noel Kelly [mailto:nkelly@tarsus.co.uk]
Sent: Wednesday, February 27, 2002 11:33 AM
To: 'Matthews, John'; Noel Kelly
Cc: 'samba@lists.samba.org'
Subject: RE: [Samba] winbind problem with existing linux user accounts.
(S amba 2.2.3a)


John,

Maybe I am still off your track here, but I think what you need is the PAM
module for Samba.  This allows you to use winbind for authentication to both
the local machine and via the network. Have a look at Chapter 3 in the Samba
Proj Doc.

Noel

-----Original Message-----
From: Matthews, John [mailto:JMatthews@LIO.AACISD.com]
Sent: 26 February 2002 20:15
To: 'Noel Kelly'
Cc: 'samba@lists.samba.org'
Subject: RE: [Samba] winbind problem with existing linux user accounts.
(S amba 2.2.3a)


Hi Noel,

	Sorry I didn't explain my problem better. 

	The user "fred" is a linux user, who does most of their work in
linux.  I'd like to have their /home/fred directory available for browsing
when they are working in windows, which happens once in a while.   My
understanding of winbind is pretty shaky, but I was under the impression
that when "fred" is logged onto windows and accesses their home
directory
through SAMBA, winbind would kick in and name them "domain+fred" and
then
assign them a different UID than the user "fred" normally has.  
I'd like to
avoid changing the owner of /home/fred to "domain+fred", because then
I
would prohibit "fred" from working in their normal linux environment.

	Ideally I'd like some way to tell winbind to not do anything if an
entry for that user name exists in passwd.  Maybe I'm going in the wrong
direction in using winbind.  Would it be possible to set up Samba so that it
would authenticate already existing entries in the passwd file with the
user's NT password, and then map all users without passwd entries to a
generic user account with read only permission?  I was looking for a way to
allow users with a linux account to keep two separate passwords, a linux
password and windows password.  Then when the user is in windows they could
access their files through Samba using the windows password.


	Thank you for taking the time to answer,
	John 



-----Original Message-----
From: Noel Kelly [mailto:nkelly@tarsus.co.uk]
Sent: Tuesday, February 26, 2002 2:33 PM
To: 'Matthews, John'; 'Ariel Mella'
Cc: samba@lists.samba.org
Subject: RE: [Samba] winbind problem with existing linux user accounts.
(S amba 2.2.3a)


John,

Just a quick idea - is this not a permissions thing ?  Surely the owner of
/home/fred should be domain+fred - try a 'chown domain+fred.domain+fred
/etc/home/fred' and see if that helps. With winbind running the network user
will be domain+fred and the right permissions are in place.

Noel

-----Original Message-----
From: Matthews, John [mailto:JMatthews@LIO.AACISD.com]
Sent: 26 February 2002 18:32
To: 'Ariel Mella'
Cc: samba@lists.samba.org
Subject: RE: [Samba] winbind problem with existing linux user accounts.
(S amba 2.2.3a)


Thank you for your reply.  
Below are the entries for winbind I have in my smb.conf.  Do you see any
problems with them?

# separate domain and username with '+', like DOMAIN+username
winbind separator = +
# use uids from 10000 to 20000 for domain users
winbind uid = 10000-20000
# user gids from 10000 to 20000 for domain groups
winbind gid = 10000-20000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
# give winbind users a real shell (only needed if they have telnet access)
template shell = /bin/bash
template homedir = /home/%U


In addition this is what I currently have for my pam.d/samba file:

auth 		sufficient	/lib/security/pam_winbind.so
auth		required	/lib/security/pam_stack.so
service=system-auth
auth		required	/lib/security/pam_stack.so
service=system-auth use_first_pass
account	required	/lib/security/pam_stack.so service=system-auth 

Would you mind recommending what other courses of action I should pursue?  

	Thanks in advance,
	John Matthews

-----Original Message-----
From: Ariel Mella [mailto:samba@nebula-sa.com.ar]
Sent: Tuesday, February 26, 2002 12:47 PM
To: Matthews, John; samba@lists.samba.org
Subject: Re: [Samba] winbind problem with existing linux user accounts.
(Samba 2.2.3a)


Mathews:

In your smb.conf you have to put somewhere whats uids winbind can take off.
[global]
winbind uid = 10000-20000
winbind gid = 10000-20000
this maps each ad or pdc account to a valid unix id.
this means that the user "fred" you are mentioning have already a uid
in the
linux+winbind box.
but if you already have a "fred" account in the linux box and a
"fred"
account in the ad or pdc and winbind is running the results is a unix
account and ad or pdc account that ar equal in name "fred" but
different
uid.
i think that this is your problem.
> Hello,
>
> I'm experiencing a frustrating problem configuring winbind and Samba
> 2.2.3a on a Red Hat Linux 7.2 server.  I would appreciate ANY help and/or
> advice.  I have read the documentation which comes with the samba source,
> but I'm still having problems. I can successfully see the Windows
> Users/Groups through Linux, using "wbinfo -u", "wbinfo
-g", "getent
passwd",
> and "getent group".  I think my problem might be related to the
pam.d/samba
> file, but I'm not sure how to fix it.
>
> Configuration: Red Hat Linux 7.2, Samba 2.2.3a with winbind. Primary
> Domain Controller is a Windows 2000 machine.
> Here's my problem:
>
> A user "fred" logs into his Windows 2000 PC, and attempts to
access
> through Samba his /home/fred directory.
> 1. If "fred" is a normal linux user, and has an entry in
> /etc/passwd AND winbind is loaded then I receive an error  "The
network
name
> cannot be found.".  Samba seems able to determine that
"fred" is a linux
> user and shows the corresponding [homes] directory, I'm just not able
to
> access the home directory.  I was thinking that this might be related to
the
> UID's being different between the linux account of "fred" and
the windbind
> account "domain+fred".
> 2. If "fred" does the same thing as above, but this time
> winbind isn't loaded (I need to restart smb after killing the winbind
> process) then everything works as I want.  The problem is that now with
> winbind not loaded, Windows Users who don't have a Linux account are
unable
> to access most of the Linux shares.
>
> I'm hoping there's a way to fix this.  Ideally I'd like to
allow
> everyone to access the Samba share on the linux server, if a user has a
> linux account then in addition I'd like their linux home directory to
be
> displayed as well.
>
> Thanks in advance for help,
> John Matthews
>
>
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba