Hello,
I'm trying to get a Samba to work on a Sun Solaris10 SPARC. The Samba has to
be a Domain member in order to use the NT-Users and Groups. So I need winbind.
The preinstalled Samba, winbind is not compiled in and the precompiled Samba on
sunfreeware.com is nether delivered with the libnss_winbind.so. So I compiled my
own one. I tried with 3.0.20a, 3.0.22 and 3.0.24.
./configure --with-acl-support --with-winbind --prefix=/usr/local/samba-3.0.24
Any of them works fine except the important thing that non of the nested Groups
are recognized for the NT-Users.
My domain was migrated from NT4 to ADS before I start trying to get a Samba to
work. ADS is configured with backward compatibility to NT4.
Wbinfo and (with "winbind enum groups = yes" and "winbind enum
users = yes") also getent gifs me any of the NT-Users and -Groups. But if I
do an id <NT-USER> or if I do a simple id as an NT-User, I only get the
UID and the GID no entry in groups.
root@mars /etc/samba # id sbzvzgdom+bm
uid=15015(SBZVZGDOM+bm) gid=15000(SBZVZGDOM+domain users)
root@mars /etc/samba # su sbzvzgdom+bm
SBZVZGDOM+bm@mars /etc/samba $ id
uid=15015(SBZVZGDOM+bm) gid=15000(SBZVZGDOM+domain users)
In order that this do not work, I don't have permission from Windows on a
directory or File witch I had gif the permission for a NT-Group, witch the user
are member of.
root@mars /etc/samba # getent group sbzvzgdom+abt_edv
SBZVZGDOM+abt_edv:x:15008:SBZVZGDOM+dp,SBZVZGDOM+aa,SBZVZGDOM+tv,SBZVZGDOM+hb,SBZVZGDOM+lc,SBZVZGDOM+mr,SBZVZGDOM+rr,SBZVZGDOM+alpha,SBZVZGDOM+musterx,SBZVZGDOM+bta,SBZVZGDOM+orasaturn,SBZVZGDOM+orapluto,SBZVZGDOM+rn,SBZVZGDOM+sm,SBZVZGDOM+bm,SBZVZGDOM+mn
root@mars /etc/samba # getfacl /u02/windows_home_dirs
# file: /u02/windows_home_dirs
# owner: root
# group: root
user::rwx
group::r-x #effective:r-x
group:SBZVZGDOM+abt_edv:rwx #effective:rwx
mask:rwx
other:---
default:user::rwx
default:group::r-x
default:group:SBZVZGDOM+abt_edv:rwx
default:mask:rwx
default:other:---
I know that there is a Bug report at
https://bugzilla.samba.org/show_bug.cgi?id=3990 and fundamentally that describes
exactly the Problem I'm fighting with. But one of the comment says that this
Problem begins wit Version 3.0.23 and didn't occur with 3.0.22. In my case
none of the Versions works, so maybe my Problem is an other one.
That's the output of testparm:
root@mars /etc/samba # /usr/local/samba/bin/testparm
Load smb config files from /usr/local/samba-3.0.24/lib/smb.conf
Can't find include file /etc/samba/smb.conf.0.0.0.0
Processing section "[homes]"
Processing section "[windows_home_dirs]"
Processing section "[windows_profiles]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
[global]
workgroup = SBZVZGDOM
security = DOMAIN
log file = /var/samba/log/log.smbd.%I
name resolve order = wins bcast hosts
wins server = 192.168.168.24
idmap uid = 15000-20000
idmap gid = 15000-20000
template homedir = /export/home/%U
template shell = /usr/bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
include = /etc/samba/smb.conf.0.0.0.0
[homes]
comment = Home Directory
path = /u02/windows_home_dirs/%U
valid users = SBZVZGDOM+%S
read only = No
create mask = 07777
browseable = No
[windows_home_dirs]
comment = windows_home_dirs
path = /u02/windows_home_dirs
read only = No
[windows_profiles]
comment = windows_profiles
path = /u02/windows_profiles
admin users = manager
read only = No
create mask = 07777
browseable = No
The include is to increase the log level fore a specific client and has only the
two Lines:
log level = 10
max log size = 0
Sorry about my englisch..
Thanks for any help
Berner Martin
