Hello There Samba people,
I've been seting up following Samba setup. A Win2K server that is the PDC
of a domain. It only contains administration data. (users,groups,dns,...)
Then there is a Linux RH 7.2 running Samba 2.2.3a containing all shares
and printers. I've joined it to the domain and have winbind running to get
authentication data from the PDC. If only have setup winbind in nss and
not in pam because I only want Samba to authenticate to the PDC not the
rest of the services on the Linux box.
I've had some trouble setting this up, but it is running fine now. So I
want the share my experiences.
First problem I've had was with using a Windows group coming thru Winbind
for the valid users parameter. You have to use quote if it contains
spaces, so :
valid users = @DOM+Domain Test -- doesn't work
valid users = @"DOM+Domain Test" -- works
I've found this when looking in the logs seeing request for group
"DOM+Domain".
Maybe we can add a new section about quotes to the smb.conf manpage?
Second problem was with the [homes] shares. I constantly got a bad user or
password when trying to connect to the home dir of a user.
First i recreated a simular share with the same permissions (uid:gid 700)
and this worked, so that wasn't the cause.
But creating this test share also led me to the answer. The valid user
field for the [homes] was wrong. It contained the default %S parameter.
But since my users come from the domain thru winbind they have the form
DOM+user. So when I changed the valid users field to "DOM+%S" it
worked
and the users got access.
Here I see a problem in the documentation. Maybe this should be added to
the [homes] section in the smb.conf manpage. Can I submit a patch for
this, if so how ?
Also, maybe add a extra variable substitution for the winbind separator
paramter and the domain Samba is part of to make a universal string like:
valid users = %D%w%S
Ok, I've just found out that %D already exsists but is only documented in
for the template homedir parameter. Does this mean that it only works for
this paramater or is it generally available? This should be documented.
There is still one thing thing thats need to be done is the automatic
creating of the home dirs. I know already found out here that when using
winbind I probably have to use the pam_mkhomedir module. Since this isn't
going to be supported by Samba itself.
So my final question is if anyone already has done this in I simular setup
as mine and and would like to share there experiences.
Thank you all for your help and this mailinglist.
Regards,
Tim
--
=============================================================================Tim
Verhoeven
Music Services - Michel Stoffels
GSM : 0496 / 693 453 + Deejayteam
Email : dj@sin.khk.be + Sound & Light rentals
URL : www.sin.khk.be/~dj/ + P.A. services
=========Public PGP-Key at : http://www.sin.khk.be/~dj/publickey.txt=========
Member of Student Information Networking (www.sin.khk.be)