I'm testing Samba 2.2.5 with winbind. I can successfully authenticate
domain users who do and don't have corresponding UNIX accounts as well as
domain users who do have a UNIX account. Files created from PC side by
usera show up in UNIX "ls -l" as owned by usera so I thought the
automatic
username mapping was working correctly, but I found out that usera isn't
being assigned his UNIX User ID correctly. I found this because UserA
doesn't have write access in the areas he should when he comes in through
samba. I had usera write a file in a public space, and from the UNIX side
did
ls -n
to show the UID assigned, and it is one of the Ids in the winbind range,
not the user's UNIX UID ...
I tried adding a username map to force the UID mapping explicitly, but even
after doing that, the UID is still the winbind one, not the correct UNIX
one. I'd like to get this working. Any tips would be most appreciated.
Karen Wieprecht
karen.wieprecht@jhuapl.edu
P.S. This is the configuration I was using, I tried adding a username map,
and then tried changing "winbind use default domain = No" at one
user's
suggestion, but no luck.
# Global parameters
[global]
workgroup = WALNETNT
netbios name = ROSEHORSE
server string = rosehorse
security = DOMAIN
encrypt passwords = Yes
password server = *
passwd program = /usr/bin/yppasswd
log level = 2
log file = /usr/samba/log.%m
max log size = 500
name resolve order = host wins bcast
keepalive = 30
os level = 0
preferred master = False
local master = No
domain master = False
dns proxy = No
wins server = x.x.x.x
lock dir = /usr/samba/locks
valid chars = - _
winbind uid = 10000-20000
winbind gid = 10000-20000
template homedir = /netshare/users/samba/%U
winbind separator = _
winbind cache time = 60
winbind use default domain = Yes
guest account = user1
guest ok = No
map to guest = Never
hosts allow = x.x.x.
veto files = /*.eml/*.nws/riche20.dll/*.{*}/
strict locking = Yes
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 17 Oct 2002, Wieprecht, Karen M. wrote:> I'm testing Samba 2.2.5 with winbind. I can successfully authenticate > domain users who do and don't have corresponding UNIX accounts as well as > domain users who do have a UNIX account. Files created from PC side by > usera show up in UNIX "ls -l" as owned by usera so I thought the automatic > username mapping was working correctly, but I found out that usera isn't > being assigned his UNIX User ID correctly. I found this because UserA > doesn't have write access in the areas he should when he comes in through > samba. I had usera write a file in a public space, and from the UNIX side > did > ls -n > to show the UID assigned, and it is one of the Ids in the winbind range, > not the user's UNIX UID ... > > I tried adding a username map to force the UID mapping explicitly, but even > after doing that, the UID is still the winbind one, not the correct UNIX > one. I'd like to get this working. Any tips would be most appreciated.Winbind is consulted first. Usernames that match in the Windows domain take priority. The has been a lot of discussion about this, but i'm just letting you know that this current behavior is by design. jerry --------------------------------------------------------------------- Hewlett-Packard ------------------------- http://www.hp.com SAMBA Team ---------------------- http://www.samba.org GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2 "SAMS Teach Yourself Samba in 24 Hours" 2ed "I never saved anything for the swim back." Ethan Hawk in Gattaca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9rz2RIR7qMdg1EfYRAo50AJ9vJCH4NzbwSXpj8Y7DXL2d2JmRGACg3BM9 2+jUYwS7w5UjMy7ldAQB+EI=ON4G -----END PGP SIGNATURE-----