I've been trying to setup a Samba file server on our Win2k domain that will use the users/groups from Win2k using Winbind. I have been quite successful so far but have come up against a problem. This is what I've done so far: - Download 2.2.4, compiled and installed fine - Setup winbind & added the server to the domain. All works fine (I ca list users, groups etc) - Setup samba to be on the domain (smb.conf is below) - Setup a directory that is shared by samba (smb.conf below). The problem is that I can happily view the share from a machine on the domain, but I can't write to it (create files, directories or change any permissions). I've tried from an XP Pro and 2K Pro client with the same behaviour. If I run smbstatus I can see that it knows I've logged in under the domain username and gives my primary group. I've tried setting the directory on Linux with the owner/group that smbstatus returns but that makes no difference. I've also tried permissions as 777. I've also tried setting the "valid users" setting on the share to either my username, group or neither and again the same "access denied" problem. If I view permissions on the share or contained files I can see that both my username & group have full permissions. The only error that I'm getting in the log (log.machinename) is: [2002/05/25 16:48:27, 0] smbd/service.c:make_connection(251) dually (10.0.1.242) couldn't find service ilkof The odd thing is that the share is called "ilkoff" but the final letter is being missed off. Is this just a logging problem or could this be a bug in Samba/Winbind? If anyone has any suggestions/pointers please let me know because I'm so close to getting the whole thing working!!! Cheers... Smb.conf: [global] workgroup = ilkley netbios name = test server string = Samba test server security = DOMAIN encrypt passwords = Yes log file = /usr/local/samba/var/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No password server = * winbind separator = + winbind uid = 10000-20000 winbind gid = 10000-20000 winbind enum users = yes winbind enum groups = yes [ilkoff] comment = Ilkley Office stuff path = /shares/ilkoffice # valid users = @ILKLEY+Domain Users # Tried different combinations, all fail (NB: the "valid users" line works fine with that space in - I had to modify the list separators in the user_in_list function so this is possible!)
Thanks for the reply. I thought the whole idea of WinBind is that you don't have to manually add any domain entries into your local passwd files. If I look at the results on "getent passwd" and "getent group" I can see my domain username & domain group, but Samba will still not let me write any files on the share. Any other ideas? -----Original Message----- From: eng yeow cheu [mailto:eycheu@yahoo.com] Sent: 25 May 2002 18:25 To: Matt Butt Subject: Re: [Samba] Problem with winbind in Win2k domain check your passwd and smbpasswd. Make sure you have the account. --- Matt Butt <mattb@cre8tiv.com> wrote: > I've been trying to setup a Samba file server on our> Win2k domain that > will use the users/groups from Win2k using Winbind. > > I have been quite successful so far but have come up > against a problem. > > This is what I've done so far: > > - Download 2.2.4, compiled and installed fine > - Setup winbind & added the server to the domain. > All works > fine (I ca list users, groups etc) > - Setup samba to be on the domain (smb.conf is > below) > - Setup a directory that is shared by samba > (smb.conf below). > > The problem is that I can happily view the share > from a machine on the > domain, but I can't write to it (create files, > directories or change any > permissions). I've tried from an XP Pro and 2K Pro > client with the same > behaviour. If I run smbstatus I can see that it > knows I've logged in > under the domain username and gives my primary > group. I've tried > setting the directory on Linux with the owner/group > that smbstatus > returns but that makes no difference. I've also > tried permissions as > 777. I've also tried setting the "valid users" > setting on the share to > either my username, group or neither and again the > same "access denied" > problem. If I view permissions on the share or > contained files I can > see that both my username & group have full > permissions. > > The only error that I'm getting in the log > (log.machinename) is: > > [2002/05/25 16:48:27, 0] > smbd/service.c:make_connection(251) > dually (10.0.1.242) couldn't find service ilkof > > The odd thing is that the share is called "ilkoff" > but the final letter > is being missed off. Is this just a logging problem > or could this be a > bug in Samba/Winbind? > > If anyone has any suggestions/pointers please let me > know because I'm so > close to getting the whole thing working!!! > > Cheers... > > > Smb.conf: > > [global] > workgroup = ilkley > netbios name = test > server string = Samba test server > security = DOMAIN > encrypt passwords = Yes > log file = /usr/local/samba/var/log.%m > max log size = 50 > socket options = TCP_NODELAY SO_RCVBUF=8192 > SO_SNDBUF=8192 > dns proxy = No > password server = * > > winbind separator = + > winbind uid = 10000-20000 > winbind gid = 10000-20000 > winbind enum users = yes > winbind enum groups = yes > > [ilkoff] > comment = Ilkley Office stuff > path = /shares/ilkoffice > # valid users = @ILKLEY+Domain Users # Tried > different > combinations, all fail > > > > > (NB: the "valid users" line works fine with that > space in - I had to > modify the list separators in the user_in_list > function so this is > possible!) > > -- > To unsubscribe from this list go to the following > URL and read the > instructions:http://lists.samba.org/mailman/listinfo/samba __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com
D'OH! Found the problem - I forgot to put "writable = Yes" on the share config!!! Typical administrator issue - get all the tricky stuff done but forget about the easy stuff!!! Forgive me if I'm asking this in the wrong place, but when trying to get all this working I've found several things that might be worth putting in the Winbind documentation. Where should I send this info? -----Original Message----- From: Matt Butt Sent: 26 May 2002 11:10 To: samba@lists.samba.org Cc: eng yeow cheu Subject: RE: [Samba] Problem with winbind in Win2k domain Thanks for the reply. I thought the whole idea of WinBind is that you don't have to manually add any domain entries into your local passwd files. If I look at the results on "getent passwd" and "getent group" I can see my domain username & domain group, but Samba will still not let me write any files on the share. Any other ideas? -----Original Message----- From: eng yeow cheu [mailto:eycheu@yahoo.com] Sent: 25 May 2002 18:25 To: Matt Butt Subject: Re: [Samba] Problem with winbind in Win2k domain check your passwd and smbpasswd. Make sure you have the account. --- Matt Butt <mattb@cre8tiv.com> wrote: > I've been trying to setup a Samba file server on our> Win2k domain that > will use the users/groups from Win2k using Winbind. > > I have been quite successful so far but have come up > against a problem. > > This is what I've done so far: > > - Download 2.2.4, compiled and installed fine > - Setup winbind & added the server to the domain. > All works > fine (I ca list users, groups etc) > - Setup samba to be on the domain (smb.conf is > below) > - Setup a directory that is shared by samba > (smb.conf below). > > The problem is that I can happily view the share > from a machine on the > domain, but I can't write to it (create files, > directories or change any > permissions). I've tried from an XP Pro and 2K Pro > client with the same > behaviour. If I run smbstatus I can see that it > knows I've logged in > under the domain username and gives my primary > group. I've tried > setting the directory on Linux with the owner/group > that smbstatus > returns but that makes no difference. I've also > tried permissions as > 777. I've also tried setting the "valid users" > setting on the share to > either my username, group or neither and again the > same "access denied" > problem. If I view permissions on the share or > contained files I can > see that both my username & group have full > permissions. > > The only error that I'm getting in the log > (log.machinename) is: > > [2002/05/25 16:48:27, 0] > smbd/service.c:make_connection(251) > dually (10.0.1.242) couldn't find service ilkof > > The odd thing is that the share is called "ilkoff" > but the final letter > is being missed off. Is this just a logging problem > or could this be a > bug in Samba/Winbind? > > If anyone has any suggestions/pointers please let me > know because I'm so > close to getting the whole thing working!!! > > Cheers... > > > Smb.conf: > > [global] > workgroup = ilkley > netbios name = test > server string = Samba test server > security = DOMAIN > encrypt passwords = Yes > log file = /usr/local/samba/var/log.%m > max log size = 50 > socket options = TCP_NODELAY SO_RCVBUF=8192 > SO_SNDBUF=8192 > dns proxy = No > password server = * > > winbind separator = + > winbind uid = 10000-20000 > winbind gid = 10000-20000 > winbind enum users = yes > winbind enum groups = yes > > [ilkoff] > comment = Ilkley Office stuff > path = /shares/ilkoffice > # valid users = @ILKLEY+Domain Users # Tried > different > combinations, all fail > > > > > (NB: the "valid users" line works fine with that > space in - I had to > modify the list separators in the user_in_list > function so this is > possible!) > > -- > To unsubscribe from this list go to the following > URL and read the > instructions:http://lists.samba.org/mailman/listinfo/samba __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Apparently Analagous Threads
- [PATCH] x 2 - Fix for "null pointer exception" when ask_status is called before worker is run, and docfixes
- 2 more JSON / XML feature parity patches before Rails 2.0
- Merb-style development exception pages for Mac OS X
- Rails shouldn't output invalid JSON by default
- Trac not for general use?