Chris Hall
2007-Feb-09 09:15 UTC
[Samba] Samba Domain Member Server -- tdbsam/winbind/idmap_rid -- file ownership ?
I have just struggled to implement a Samba Domain Server, and have some remaining issues.

I have a Samba PDC using tdbsam, managing a domain called RHEA.

I have (finally) configured a new Samba Domain Server (AUREUS) using winbind and idmap_rid.

When I am logged in to RHEA as user GMCH I can access a TMP share on AUREUS (at last).

Running 'getent passwd' I get (inter alia):

    RHEA\gmch:*:12000:10513:....

and 'getent group' gives:

    RHEA\domain users:*:1053:RHEA\gmch:...

When I create files on TMP I find that they are owned by 'root' and in the group 'RHEA\domain users', eg:

    -rwxr--r-- 1 root RHEA\domain users 8 Feb 8 20:29 Hello Samba

The group is fine.

QUESTION: why is the file owner not RHEA\gmch ?

I note that 'RHEA\gmch' and 'RHEA\domain users' are apparently disabled as far as getent can see -- so I suppose that's what winbindd is telling it. Is this the problem ?

BTW I discover that it is a good idea to set 'root' in the tdbsam, along with groupmap for 'Domain Admins' etc. Windows then reports ownership of 'AUREUS\root'.

Chris
--
Chris Hall @ Home +44 (0)7970 277 383
Chris Hall
2007-Feb-10 12:47 UTC
[Samba] Samba Domain Member Server -- tdbsam/winbind/idmap_rid -- file ownership ?
Following myself up...

On Fri, 9 Feb 2007 Chris Hall <chris.hall@halldom.com> wrote
>
>I have just struggled to implement a Samba Domain Server, and have some
>remaining issues.
>
>I have a Samba PDC using tdbsam, managing a domain called RHEA.
>
>I have (finally) configured a new Samba Domain Server (AUREUS) using
>winbind and idmap_rid.
>
>When I am logged in to RHEA as user GMCH I can access a TMP share on
>AUREUS (at last).
>
>Running 'getent passwd' I get (inter alia):
>
>    RHEA\gmch:*:12000:10513:....
>
>and 'getent group' gives:
>
>    RHEA\domain users:*:1053:RHEA\gmch:...
>
>When I create files on TMP I find that they are owned by 'root' and in
>the group 'RHEA\domain users', eg:
>
>    -rwxr--r-- 1 root RHEA\domain users 8 Feb 8 20:29 Hello Samba
>
>The group is fine.
>
>QUESTION: why is the file owner not RHEA\gmch ?
>
>I note that 'RHEA\gmch' and 'RHEA\domain users' are apparently disabled
>as far as getent can see -- so I suppose that's what winbindd is
>telling it. Is this the problem ?

I have told the pam set up to use winbindd. No change.

I note that I can chown 'RHEA\gmch', but I cannot su 'RHEA\gmch' (su just quietly fails, and I stay as root).

If I put 'force user = RHEA\gmch' into a [TMP] share, the share becomes unusable !

What am I missing ??

Am I expecting too much ? [Though given that I can chown to RHEA\gmch, I'd have thought that samba could ??]

Chris
--
Chris Hall