samba - Feb 2002 - Known limitations? (IRIX + Samba 2.2.3a + Winbind)

Anyone know of a brief overview of the expected limitations on an IRIX
system running Samba 2.2.3a +Winbind?  Everything seems to least work, but I
still find some odd permissions things going on.  The IRIX machine is
authenticating NT users from my NT domain OK and I can specify user rights
to files, but when you do a long listing under IRIX it list the file as
being owned by DOMAIN-NAME with group DOMAIN-NAME, where DOMAIN-NAME is the
name of my NT Domain.  Strange.  Also, It does not seems to be following NT
user group definitions.  I created a file as a user and added "Domain
Admins" with full access rights, but after login on as
DOMAIN-NAME\Administrator I wasn't able to write to the file.  Any ideas?  

Also, when I define the read access and write access lists in my smb.conf
file, do I specify the NT Domain users, do I use just he user name or the
DOMAIN+USERNAME? (+ is my separator defined in winbind).

On the same subject, how would I define an entire NT user group or all users
of a certain domain to have Read or Read/Write access?

-Dan

Daniel J. Thomas
Systems Administrator
Johns Hopkins University
Applied Physics Laboratory
Laurel, MD

Balt:    (443) 778-7924
Wash:  (240) 228-7924


"Always avoid a bad file copy...
You can never know when your replication proceeds you."
                               -Anonymous Author

Hi there,
>still find some odd permissions things going on.  The IRIX machine is
>authenticating NT users from my NT domain OK and I can specify user rights
>to files, but when you do a long listing under IRIX it list the file as
>being owned by DOMAIN-NAME with group DOMAIN-NAME, where DOMAIN-NAME is the
>name of my NT Domain.  Strange.

Not neccesarily strange.  How long is the DOMAIN-NAME?  Wierd question,
but I've used IRIX for years, and the 'ls -l' command only ever
shows the
first eight characters of a user or group name.  We have group names of
12-13 characters here and their names always get truncated in 'ls -l'
listings.

So if your DOMAIN-NAME is 8 characters or more, then you'll never
see the +Username bit.  You can use 'ls -ln' to at least check
that the UID and GID are right.

I have a recollection that (somewhere) there's an option to winbind
that means it doesn't stick the "DOMAIN-NAME+" bit on the begining
of user names (but only for the default domain of course.....)


                               Mac
          Assistant Systems Adminstrator @nibsc.ac.uk
                        dmccann@nibsc.ac.uk
   Work: +44 1707 654753 x285      Everything else: +44 7956 237670 (anytime)

At least under Linux, the owner and group are actually DOMAIN-NAME+User and
DOMAIN-NAME+Group, it's just that the last part gets chopped off due to the
limited column width allowed by ls.  If you use a utility that doesn't limit
the width (like the 'getfacl' utility included in the ACL package for
Linux)
the user and group names are shown correctly.

-----Original Message-----
From: Thomas, Daniel J. [mailto:Daniel.Thomas@jhuapl.edu]
Sent: Tuesday, February 26, 2002 1:58 PM
To: Samba (E-mail)
Subject: [SAMBA] Known limitations? (IRIX + Samba 2.2.3a + Winbind)


Anyone know of a brief overview of the expected limitations on an IRIX
system running Samba 2.2.3a +Winbind?  Everything seems to least work, but I
still find some odd permissions things going on.  The IRIX machine is
authenticating NT users from my NT domain OK and I can specify user rights
to files, but when you do a long listing under IRIX it list the file as
being owned by DOMAIN-NAME with group DOMAIN-NAME, where DOMAIN-NAME is the
name of my NT Domain.