Winbindd can see the NT-user, but samba can't work with the NT-user.
My System: SuSE Linux 7.2 Enterprise Server
Samba-2.2.3a
I have install samba by the following steps:
1. ./configure --prefix=/opt/samba-2.2.3a --with-winbind
2. make
3. make install
4. cp /tmp/samba-2.2.3a/source/nsswitch/libnss_winbind.so /lib
5. ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
6. vi /etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
7. /sbin/ldconfig -v | grep winbind --> I can see it!
8. vi /opt/samba-2.2.3a/lib/smb.conf
[global]
workgroup = test
netbios name = SAMBA
encrypt passwords = yes
server string = SAMBA %v
load printers = no
security = DOMAIN
password server = *
keepalive = 30
winbind uid = 1000-2000
winbind gid = 3000-8000
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
winbind separator = +
winbind cache time = 10
[all]
comment = For all users
path = /all
guest ok = Yes
writeable = Yes
create mode = 0770
directory mode = 0770
browseable = Yes
write ok = Yes
9. smbpasswd -j test -r pdc -U admin --> It works
And now the Problem:
With /opt/samba-2.2.3a/bin/wbinfo -u, i can see the DOMAIN-USERS
With /opt/samba-2.2.3a/bin/wbinfo -g, i can see the DOMAIN-GROUPS
If a Windows-user creates a file at the "all"-share, the owner of the
file
is nobody and the group is nogroup.
Why ??
What is wrong ??
What are the permissions on the directory?
Do getent passwd | grep -i <windows user>
Note the group number and user id. That group number/user id need to have
permissions to write/read in the all share. You can use the "force group
="
option to make the creation of files get set to its group. I noted that
domain users got the gid of 1000, so in /etc/group I made a group called
users with gid of 1000. I set force group = users and gave that group the
appropriate permissions.
David
-----Original Message-----
From: Glatzel Tino [mailto:tino.glatzel@badenIT.de]
Sent: Monday, February 25, 2002 7:28 AM
To: 'samba@lists.samba.org'
Subject: [Samba] Winbind and user-mapping
Winbindd can see the NT-user, but samba can't work with the NT-user.
My System: SuSE Linux 7.2 Enterprise Server
Samba-2.2.3a
I have install samba by the following steps:
1. ./configure --prefix=/opt/samba-2.2.3a --with-winbind
2. make
3. make install
4. cp /tmp/samba-2.2.3a/source/nsswitch/libnss_winbind.so /lib
5. ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
6. vi /etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
7. /sbin/ldconfig -v | grep winbind --> I can see it!
8. vi /opt/samba-2.2.3a/lib/smb.conf
[global]
workgroup = test
netbios name = SAMBA
encrypt passwords = yes
server string = SAMBA %v
load printers = no
security = DOMAIN
password server = *
keepalive = 30
winbind uid = 1000-2000
winbind gid = 3000-8000
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
winbind separator = +
winbind cache time = 10
[all]
comment = For all users
path = /all
guest ok = Yes
writeable = Yes
create mode = 0770
directory mode = 0770
browseable = Yes
write ok = Yes
9. smbpasswd -j test -r pdc -U admin --> It works
And now the Problem:
With /opt/samba-2.2.3a/bin/wbinfo -u, i can see the DOMAIN-USERS
With /opt/samba-2.2.3a/bin/wbinfo -g, i can see the DOMAIN-GROUPS
If a Windows-user creates a file at the "all"-share, the owner of the
file
is nobody and the group is nogroup.
Why ??
What is wrong ??
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Did you update your /etc/pam.d/samba file ?? Here's what mine looks like: #%PAM-1.0 auth required /lib/security/pam_winbind.so auth required pam_unix.so account requried /lib/security/pam_winbind.so account required pam_unix.so When you say samba can't work withthe NT-user what do you mean ?? Does it ask you for username/password?? Josh On Monday 25 February 2002 06:27, you wrote:> Winbindd can see the NT-user, but samba can't work with the NT-user. > > My System: SuSE Linux 7.2 Enterprise Server > Samba-2.2.3a > > I have install samba by the following steps: > > 1. ./configure --prefix=/opt/samba-2.2.3a --with-winbind > 2. make > 3. make install > 4. cp /tmp/samba-2.2.3a/source/nsswitch/libnss_winbind.so /lib > 5. ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 > 6. vi /etc/nsswitch.conf > > passwd: compat winbind > group: compat winbind > > 7. /sbin/ldconfig -v | grep winbind --> I can see it! > 8. vi /opt/samba-2.2.3a/lib/smb.conf > > [global] > workgroup = test > netbios name = SAMBA > encrypt passwords = yes > server string = SAMBA %v > load printers = no > security = DOMAIN > password server = * > keepalive = 30 > winbind uid = 1000-2000 > winbind gid = 3000-8000 > winbind enum users = yes > winbind enum groups = yes > template shell = /bin/bash > winbind separator = + > winbind cache time = 10 > > [all] > comment = For all users > path = /all > guest ok = Yes > writeable = Yes > create mode = 0770 > directory mode = 0770 > browseable = Yes > write ok = Yes > > 9. smbpasswd -j test -r pdc -U admin --> It works > > And now the Problem: > With /opt/samba-2.2.3a/bin/wbinfo -u, i can see the DOMAIN-USERS > With /opt/samba-2.2.3a/bin/wbinfo -g, i can see the DOMAIN-GROUPS > > If a Windows-user creates a file at the "all"-share, the owner of the file > is nobody and the group is nogroup. > Why ?? > What is wrong ??_________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
Hay gang, It is interesting to note that on solaris, getent passwd does not return the clean output that Glatzel Tino got. Here are lines I get from solaris 2.8 running samba 3.0alpha15: INS+Yummie:x,2:11257:1000:Yummie bunny:/export/home/winnt/INS/yummie:/bin/false INS+Yuasso:x,ndaW:11258:1000:Yuasso:/export/home/winnt/INS/yuasso:/bin/false INS+Zanadu:x,eryB:11259:1000:Zanadu babe:/export/home/winnt/INS/zanadu:/bin/false Note the x,eryB, for example, instead of just x... David -----Original Message----- From: Glatzel Tino [mailto:tino.glatzel@badenIT.de] Sent: Tuesday, February 26, 2002 2:55 AM To: 'David Edward Shapiro' Subject: AW: [Samba] Winbind and user-mapping This is a little part of my output getent passwd TEST+TUser1:x:11273:10000:TUser1:/home/STWFR1/tuser1:/bin/bash TEST+TUser2:x:11274:10000:TUser2:/home/STWFR1/tuser2:/bin/bash TEST+TUser3:x:11275:10000:TUser3:/home/STWFR1/tuser3:/bin/bash TEST+TUser4:x:11276:10000:TUser4:/home/STWFR1/tuser4:/bin/bash TEST+TUser5:x:11277:10000:TUser5:/home/STWFR1/tuser5:/bin/bash getent group TEST+Sub-Administrators:x:11097: Well, that is not very secure, but your user should be able to write/read in that directory. What did getent passwd grep return for you? -----Original Message----- From: Glatzel Tino [mailto:tino.glatzel@badenIT.de] Sent: Monday, February 25, 2002 11:32 AM To: 'David Edward Shapiro' Subject: AW: [Samba] Winbind and user-mapping The permissions are: drwxrwxrwx 2 root root 35 Feb 25 17:14 all>>Do getent passwd | grep -i <windows user>It works. I seetheWindows-Usergetent group -- I see the lokal and NT-GroupsExample: ANT-usercreates a new director. This are thepermissions:drwxrwx--- 2nobodynogroup 35 Feb 25 17:14newDirectorywhy?-----Urspr?nglicheNachricht-----Von: DavidEdwardShapiro[mailto:David.Edward.Shapiro@btitele.com]Gesendet: Montag,25.Februar 200214:32An: 'Glatzel Tino'Cc: 'samba@listssamba.org'Betreff:RE:[Samba]Winbind and user-mappingWhat are the permissions on thedirectory?Do getent passwd | grep -i <windows user>Note the group number anduserid.That group number/user id need to have permissions to write/read intheallshare. You can use the "force group ="option to make the creationoffiles get setto its group. I noted thatdomain users got the gid of 1000,soin/etc/group I made a group calledusers with gid of 1000. I set forcegroup= users and gave that group theappropriatepermissions.David-----OriginalMessage-----From: GlatzelTino[mailto:tino.glatzel@badenIT.de]Sent: Monday, February 25, 2002 7:28 AMTo: 'samba@lists.samba.org' Subject: [Samba] Winbind and user-mapping Winbindd can see the NT-user, but samba can't work with the NT-user. My System: SuSE Linux 7.2 Enterprise Server Samba-2.2.3a I have install samba by the following steps: 1. ./configure --prefix=/opt/samba-2.2.3a --with-winbind 2. make 3. make install 4. cp /tmp/samba-2.2.3a/source/nsswitch/libnss_winbind.so /lib 5. ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 6. vi /etc/nsswitch.conf passwd: compat winbind group: compat winbind 7. /sbin/ldconfig -v | grep winbind --> I can see it! 8. vi /opt/samba-2.2.3a/lib/smb.conf [global] workgroup = test netbios name = SAMBA encrypt passwords = yes server string = SAMBA %v load printers = no security = DOMAIN password server = * keepalive = 30 winbind uid = 1000-2000 winbind gid = 3000-8000 winbind enum users = yes winbind enum groups = yes template shell = /bin/bash winbind separator = + winbind cache time = 10 [all] comment = For all users path = /all guest ok = Yes writeable = Yes create mode = 0770 directory mode = 0770 browseable = Yes write ok = Yes 9. smbpasswd -j test -r pdc -U admin --> It works And now the Problem: With /opt/samba-2.2.3a/bin/wbinfo -u, i can see the DOMAIN-USERS With /opt/samba-2.2.3a/bin/wbinfo -g, i can see the DOMAIN-GROUPS If a Windows-user creates a file at the "all"-share, the owner of the file is nobody and the group is nogroup. Why ?? What is wrong ?? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Okay, you have a default group of 10000. Create a group in /etc/group called users with gid of 10000 e.g., users::10000: Change the group of the share to users with chgrp -R users /your/share chmod to something sane again: chmod -R 775 /your/share Now, you can use options like write list, inherit permissions, force group, force create mode, etc. to control how files are created, but at least the group will adhere to a group on your unix box. You can use smbgroupedit with samba 3.0 to assocate your unix group with different NT domains and vice-versa too. David -----Original Message----- From: Glatzel Tino [mailto:tino.glatzel@badenIT.de] Sent: Tuesday, February 26, 2002 2:55 AM To: 'David Edward Shapiro' Subject: AW: [Samba] Winbind and user-mapping This is a little part of my output getent passwd TEST+TUser1:x:11273:10000:TUser1:/home/STWFR1/tuser1:/bin/bash TEST+TUser2:x:11274:10000:TUser2:/home/STWFR1/tuser2:/bin/bash TEST+TUser3:x:11275:10000:TUser3:/home/STWFR1/tuser3:/bin/bash TEST+TUser4:x:11276:10000:TUser4:/home/STWFR1/tuser4:/bin/bash TEST+TUser5:x:11277:10000:TUser5:/home/STWFR1/tuser5:/bin/bash getent group TEST+Sub-Administrators:x:11097: Well, that is not very secure, but your user should be able to write/read in that directory. What did getent passwd grep return for you? -----Original Message----- From: Glatzel Tino [mailto:tino.glatzel@badenIT.de] Sent: Monday, February 25, 2002 11:32 AM To: 'David Edward Shapiro' Subject: AW: [Samba] Winbind and user-mapping The permissions are: drwxrwxrwx 2 root root 35 Feb 25 17:14 all>>Do getent passwd | grep -i <windows user>It works. I seetheWindows-Usergetent group -- I see the lokal and NT-GroupsExample: ANT-usercreates a new director. This are thepermissions:drwxrwx--- 2nobodynogroup 35 Feb 25 17:14newDirectorywhy?-----Urspr?nglicheNachricht-----Von: DavidEdwardShapiro[mailto:David.Edward.Shapiro@btitele.com]Gesendet: Montag,25.Februar 200214:32An: 'Glatzel Tino'Cc: 'samba@listssamba.org'Betreff:RE:[Samba]Winbind and user-mappingWhat are the permissions on thedirectory?Do getent passwd | grep -i <windows user>Note the group number anduserid.That group number/user id need to have permissions to write/read intheallshare. You can use the "force group ="option to make the creationoffiles get setto its group. I noted thatdomain users got the gid of 1000,soin/etc/group I made a group calledusers with gid of 1000. I set forcegroup= users and gave that group theappropriatepermissions.David-----OriginalMessage-----From: GlatzelTino[mailto:tino.glatzel@badenIT.de]Sent: Monday, February 25, 2002 7:28 AMTo: 'samba@lists.samba.org' Subject: [Samba] Winbind and user-mapping Winbindd can see the NT-user, but samba can't work with the NT-user. My System: SuSE Linux 7.2 Enterprise Server Samba-2.2.3a I have install samba by the following steps: 1. ./configure --prefix=/opt/samba-2.2.3a --with-winbind 2. make 3. make install 4. cp /tmp/samba-2.2.3a/source/nsswitch/libnss_winbind.so /lib 5. ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 6. vi /etc/nsswitch.conf passwd: compat winbind group: compat winbind 7. /sbin/ldconfig -v | grep winbind --> I can see it! 8. vi /opt/samba-2.2.3a/lib/smb.conf [global] workgroup = test netbios name = SAMBA encrypt passwords = yes server string = SAMBA %v load printers = no security = DOMAIN password server = * keepalive = 30 winbind uid = 1000-2000 winbind gid = 3000-8000 winbind enum users = yes winbind enum groups = yes template shell = /bin/bash winbind separator = + winbind cache time = 10 [all] comment = For all users path = /all guest ok = Yes writeable = Yes create mode = 0770 directory mode = 0770 browseable = Yes write ok = Yes 9. smbpasswd -j test -r pdc -U admin --> It works And now the Problem: With /opt/samba-2.2.3a/bin/wbinfo -u, i can see the DOMAIN-USERS With /opt/samba-2.2.3a/bin/wbinfo -g, i can see the DOMAIN-GROUPS If a Windows-user creates a file at the "all"-share, the owner of the file is nobody and the group is nogroup. Why ?? What is wrong ?? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba