Hello,
I have two domains (DOM1 and DOM2). Each trusts the other. Now I
configured winbind on PDC1 with the following settings:
winbind separator = +
idmap backend = ldap:ldap://192.168.1.4
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
template shell = /bin/bash
On PDC1 I can see the users of DOM2 now:
# wbinfo -u
DOM2+user2
.....
Nsswitch is configured to use winbind too.
I put DOM2+user2 in a global group (mygroup) on DOM1:
# id DOM2+user2
uid=10000(DOM2+user2) gid=10006(DOM2+domain users) 1031(mygroup)
I put a file on a share of PDC1 that is readable for mygroup:
# ls -la /share/test.txt
-rw-r----- 1 root mygroup 8 Sep 11 00:16 /share/test.txt
And here's my problem:
When I do "su - DOM2+user2" on PDC1 I can read the content of this file
(because of being a member of the group that has read rights on the file).
But when I access the file from a machine out of DOM2, I get a permission
denied error message.
I already found an older message from Gerald Carter where he said that
winbindd on a PDC only allocates Unix ids for users and groups from
trusted domains. Not its own domain.
What other way do I have to make files accessible on a share for both
domains' users? Or can winbind already handle this and I have done
something wrong in my configuration?
Best regards
Marc
--
Marc Muehlfeld
Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
Lochhamer Str. 29 - D-82152 Martinsried
Phone: +49(0)89/895578-0 - Fax: +49(0)89/895578-78
http://www.medizinische-genetik.de
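
An added example, not part of the original posts: the Python below compares the ids in the `id` output from the first message with the `idmap uid` / `idmap gid` ranges from the posted settings, to show which entries fall inside the range winbind allocates from. The function names are my own; the sample input is copied from the message above.

```python
import re

# Settings and `id` output copied from the first message in this thread.
SMB_CONF = """\
winbind separator = +
idmap backend = ldap:ldap://192.168.1.4
idmap uid = 10000-20000
idmap gid = 10000-20000
"""
ID_LINE = "uid=10000(DOM2+user2) gid=10006(DOM2+domain users) 1031(mygroup)"


def parse_smb_conf(text):
    """Return {parameter: value}; smb.conf names ignore case and whitespace."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params["".join(name.lower().split())] = value.strip()
    return params


def parse_range(value):
    """Turn '10000-20000' into the tuple (10000, 20000)."""
    low, high = (int(part) for part in value.split("-", 1))
    return low, high


def parse_id_output(line):
    """Yield (kind, number, name); entries without a 'uid=' prefix are groups."""
    for m in re.finditer(r"(?:(uid|gid|groups)=)?(\d+)\(([^)]*)\)", line):
        kind = "uid" if m.group(1) == "uid" else "gid"
        yield kind, int(m.group(2)), m.group(3)


def classify(conf_text, id_line):
    """Map each name to True if its id lies inside the winbind idmap range."""
    conf = parse_smb_conf(conf_text)
    ranges = {"uid": parse_range(conf["idmapuid"]),
              "gid": parse_range(conf["idmapgid"])}
    return {name: ranges[kind][0] <= number <= ranges[kind][1]
            for kind, number, name in parse_id_output(id_line)}


if __name__ == "__main__":
    for name, in_range in classify(SMB_CONF, ID_LINE).items():
        print(f"{name:20} {'inside' if in_range else 'outside'} idmap range")
```

For the posted data, the DOM2 user and its primary group fall inside the idmap range while `mygroup` (gid 1031) does not, which is consistent with the Gerald Carter statement quoted in this thread.
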

Hi,

is there a way to make winbindd on a PDC show the users and groups of itself and of its trusted domains? I need some groups of both domains for directories on one PDC. But when I used winbindd, Samba didn't look up the local ones any more. Is there a way to do this? Or is it planned to add this feature?

I found a posting by Gerald Carter from Dec 2005 saying that it's not working:

Gerald (Jerry) Carter jerry at samba.org
> winbindd on a PDC only allocates Unix ids for users and groups from
> trusted domains. Not its own domain.

Best regards
Marc
--
Marc Muehlfeld (Head of System Administration)
Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
Lochhamer Str. 29 - D-82152 Martinsried
Phone: +49(0)89/895578-0 - Fax: +49(0)89/895578-78
http://www.medizinische-genetik.de

Hi,

Matt Skerritt wrote:
>> - Insert the following lines on your PDC's smb.conf:
>> winbind enum groups = yes
>> winbind enum users = yes
>> winbind trusted domains only = yes
>> winbind use default domain = yes
>> template homedir = /home/%U
>> template shell = /bin/false
>>
>> - Start Winbind.
>>
>> - Join the PDC to its own domain (net rpc join)
>>
>> - Check if it was successful (net rpc testjoin)
>>
>> - Check if the shared secrets of Winbind are OK (wbinfo -t)
>>
>> - Test if you can authenticate a user via winbind
>> (wbinfo -a user%password)

I executed all steps, but wbinfo still only gets groups and users of the trusted domain and not of the PDC itself. I configured nsswitch.conf for winbind, so that I get the users and groups of the trusted domain too, when I execute getent.

The funny thing is, when I add TRUSTDOMAIN\user to a local group and su to that user (after template shell = /bin/bash), I can access shares that this group is allowed to, when I'm logged in as that user, e.g. via ssh. But when I try to access the same folder over Samba, I get an access-denied error.

Any ideas?

Best regards
Marc
--
Marc Muehlfeld
Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
Lochhamer Str. 29 - D-82152 Martinsried
Phone: +49(0)89/895578-0 - Fax: +49(0)89/895578-78
http://www.medizinische-genetik.de