I've got Samba 2.2.2 and winbind up and running fine between a TurboLinux server and an NT 4.0 PDC. I can "chown" files on the linux box fine using "$chown DOMAIN+username filename" but when i try to change an objects group using "$chgrp DOMAIN+groupname filename" i get errors stating that it is an invalid group name. What's the deal here? None of my group names are using spaces. "chown" works great for all DOMAIN users but "chgrp" will not work for any groups at all. If anyone has any ideas i would appreciate the help. Thanks, VeKTeReX
On Tue, 20 Nov 2001, Kevin wrote:> I've got Samba 2.2.2 and winbind up and running fine > between a TurboLinux server and an NT 4.0 PDC. I can > "chown" files on the linux box fine using "$chown > DOMAIN+username filename" but when i try to change an > objects group using "$chgrp DOMAIN+groupname filename" > i get errors stating that it is an invalid group name. > > What's the deal here? None of my group names are using > spaces. "chown" works great for all DOMAIN users but > "chgrp" will not work for any groups at all.Do you have winbindd listed agains groups in /etc/nsswitch.conf ie: ~$ grep ' winb' /etc/nsswitch.conf passwd: files winbind group: files winbind Yours Tony. /* * "The significant problems we face cannot be solved at the * same level of thinking we were at when we created them." * --Albert Einstein */
Fixed it... or rather got around it instead. The group names do not work but if i use chgrp with the GID number instead of the name it works fine. VeKTeReX Kevin wrote:> > I've got Samba 2.2.2 and winbind up and running fine > between a TurboLinux server and an NT 4.0 PDC. I can > "chown" files on the linux box fine using "$chown > DOMAIN+username filename" but when i try to change an > objects group using "$chgrp DOMAIN+groupname filename" > i get errors stating that it is an invalid group name. > > What's the deal here? None of my group names are using > spaces. "chown" works great for all DOMAIN users but > "chgrp" will not work for any groups at all. > > If anyone has any ideas i would appreciate the help. > > Thanks, > VeKTeReX > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba
Hi all,
I'm trying to get a samba server which is all by itself, No Windows DCs, or
even windows shares at all, to play nice with Linux clients.
The server is authenticating Win9x, NT and 2000 clients fine and dandy, and
now I have need to add linux clients to the scenario, and have dicovered an
issue I can't seem to work through. Perhaps someone can help?
On the linux client, I can login as a user that exists only on the samba
server (TEST+testuser) , except I get the following message:
id: cannot find name for group id 10000
When I do "wbinfo -t" I get back:
Secret is good.
When I do "wbinfo -u" I get back:
TEST+testuser
When I do "wbinfo -g" I get back:
TEST+Domain Admins
TEST+Domain Users
When I do "getent passwd" I get:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
.
.
cut for brevity
.
.
bub:x:500:500:Bub Slug:/home/bub:/bin/bash
TEST+testuser:x:10000:10000::/home/testuser:/bin/bash
So far so good, until I do "getent group", which returns:
root:x:0:root
bin:x:1:bin
.
.
cut for brevity again
.
.
bub:x:500:bub
So my net groups "Domain Admins" and "Domain Users"
don't show up when I
getent group, and there is no other network group that winbind can map to
gid 10000 when TEST+testuser logs in to the Linux client, and I suspect this
is why I get the ID message on login (?)
Once again, I am not using any Windows 9x, NT, 2000 servers, the Linux Samba
server is the only PDC (and the only DC).
Can anyone offer some help aside from the stuff that's around on the net.
It all seems to deal with using Samba in a Domain with an actual windows DC,
not as a standalone server being a DC.
I wonder why my client linux box can't see the domain groups on login, and
while I'm on the subject, where do "Domain Admins" and
"Domain Users" come
from in the first place, and how do I add, delete or modify domain groups or
how do I make groups on the Linux Samba server display to linux clients?
Both server and Client use RedHat 7.3 (Stock Kernel) Samba wasn't installed
with the redhat setup, instead I downloaded the tarball for 2.2.5
I compiled the server software in the source directory with:
./configure
make
make install
The server is set up as a PDC with an smb.conf file that looks like:
[global]
workgroup = TEST
netbios name = LINUXSRV
interfaces = 127.0.0.1 192.168.240.20
encrypt passwords = Yes
domain logons = Yes
os level = 64
preferred master = True
domain master = True
wins support = Yes
[homes]
path = /home/%U
read only = No
browseable = No
[netlogon]
path = /usr/local/samba/netlogon
browseable = No
I've configured the linux client and added it to the domain by:
Setting it's host name to linuxclient,
Compiling the samba software from source (2.2.5) in the source directory
with:
./configure --with-winbind
make
make install
make nsswitch
Copied libnss_winbind.so to /lib
Created a link:
ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
copied pam_winbind.so to /lib/security
Created an smb.conf file for winbind that looks like
[global]
workgroup = TEST
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
template shell = /bin/bash
winbind use default domain = yes
wins server = 192.168.240.20
Created a init script to fire up winbind
edited /etc/nsswitch.conf to change the lines:
passwd: files winbind
shadow: files
group: files windbind
added these lines to /etc/pam.d/login:
auth sufficient /lib/security/pam_winbind.so
account sufficient /lib/security/pam_winbind.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=022
did a: /sbin/ldconfig -v | grep winbind which returned:
libnss_winbind.so -> libnss_winbind.so
I started up the winbindd daemon on the client.
Then on the server, I did:
useradd linuxclient$
passwd -l linuxclient$
smbpasswd -a -m linuxclient
useradd testuser
passwd -l testuser
smbpasswd -a testuser
On the linux client I did:
smbpasswd -j TEST -r 192.168.240.20
Which reported I joined the domain successfully.
Doing all this gets me the behaviour described above.
Any help will be appreciated!
Bub
This tagline is umop ap!5dn
_________________________________________________________________
MSN Photos is the easiest way to share and print your photos:
http://photos.msn.com/support/worldwide.aspx
I am using Samba ver 2.2.8 as a domain member server. I am using Winbind for user authorization. I have my home shares working as they should but I am having trouble with a Share that should be read only for most users and read write for members of the techs group (a NT group). in my smb.conf file I tired both: Write List = @GILMAN+techs (GILMAN is the domain, + is the winbind sererator) and Write List = @techs neither worked. What am I doing incorrectly? Note, when I do a smbstatus the group is reported as GILMAN+techs Mark Mark Carrara Technology Coordinator School District of Gilman Gilman, WI
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Does the command getent group work? You should see the group as a unix group with members. - -Tom Mark Carrara wrote: | I am using Samba ver 2.2.8 as a domain member server. I am using | Winbind for user authorization. I have my home shares working as they | should but I am having trouble with a Share that should be read only for | most users and read write for members of the techs group | (a NT group). | | in my smb.conf file I tired both: | Write List = @GILMAN+techs (GILMAN is the domain, + is the winbind | sererator) | and | Write List = @techs | | neither worked. What am I doing incorrectly? | | Note, when I do a smbstatus the group is reported as GILMAN+techs | | Mark | | Mark Carrara | Technology Coordinator | School District of Gilman | Gilman, WI -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/XQy5RliD/69byygRAqP2AJ97w1noPXw1Ydra78qeZN7WxJvcRACeODBy DegyFJTcHpCgT9vnZ5GwFaM=EzMZ -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Do you have a valid users line? It may override write list. I'd recommend: valid users = bob, @GILMAN+techs read only = yes write list = @GILMAN+techs (There is also a param: read list or some such) - -Tom Mark Carrara wrote: | Yes getent group shows all of my Windows groups and users. Also wbinfo | -g shows all of the Windows groups | | Mark | | At 07:11 PM 9/8/2003 -0400, you wrote: | |> -----BEGIN PGP SIGNED MESSAGE----- |> Hash: SHA1 |> |> Does the command getent group work? |> |> You should see the group as a unix group with members. |> |> - -Tom |> |> Mark Carrara wrote: |> | I am using Samba ver 2.2.8 as a domain member server. I am using |> | Winbind for user authorization. I have my home shares working as they |> | should but I am having trouble with a Share that should be read only |> for |> | most users and read write for members of the techs group |> | (a NT group). |> | |> | in my smb.conf file I tired both: |> | Write List = @GILMAN+techs (GILMAN is the domain, + is the winbind |> | sererator) |> | and |> | Write List = @techs |> | |> | neither worked. What am I doing incorrectly? |> | |> | Note, when I do a smbstatus the group is reported as GILMAN+techs |> | |> | Mark |> | |> | Mark Carrara |> | Technology Coordinator |> | School District of Gilman |> | Gilman, WI |> -----BEGIN PGP SIGNATURE----- |> Version: GnuPG v1.2.1 (GNU/Linux) |> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |> |> iD8DBQE/XQy5RliD/69byygRAqP2AJ97w1noPXw1Ydra78qeZN7WxJvcRACeODBy |> DegyFJTcHpCgT9vnZ5GwFaM|> =EzMZ |> -----END PGP SIGNATURE----- |> | | Mark Carrara | Technology Coordinator | School District of Gilman | Gilman, WI | -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/XlLjRliD/69byygRAh9/AJ9e3TeW3IkKdf6Dp+9m79DMUsL+VACdEws9 e7DHqUnRw9UE6dc0cif49jY=2Uce -----END PGP SIGNATURE-----