On 19.10.2010 16:50, Adrian Graham wrote:
> Folks,
>
> Having some fun with winbind on Samba 3.5.5 on RHEL5 and/or CentOS5.
> I’ve got it working so ssh logins work correctly and file permissions
> are seemingly correct with created files etc. Backend authentication
> is from a Win2K3R2 box running RFC2372 extensions (i.e. not SFU) and all
> UIDs etc are assigned for the users who need them.
>
> However, wbinfo returns some interesting things. We’re in a reasonably
> sized AD forest and there seems to be some ID mashing going on. If I
> do wbinfo -u it will sniff out the entire forest and return anything
> it's allowed to as well as the local domain, obviously this can be
> filtered by using --domain=DOMAIN which sometimes works well, groups
> also.
>
> Things that don’t work:
>
> wbinfo -i returns ‘could not get info for user’
> wbinfo -r returns ‘could not get groups for user’
> wbinfo -Y returns ‘could not convert sid’
> wbinfo --user-sidinfo returns ‘couldn’t get info for user’
> wbinfo --user-sids also returns failure.
>
> Things that do:
>
> wbinfo -S my-username-SID correctly returns my UID of 666
> wbinfo -s my-username-SID correctly returns DOMAIN+Username
> getent group
> getent passwd
>
> Wish I could remember what I changed, but at some point wbinfo -u
> username DID work but returned a UID of 147, no idea where it got that
> from as I even deleted the idmap cache files etc. Also if I browse to
> a share and create a file it ends up with the UID/GID of a user in a
> completely different domain!
>
> Current smb.conf:
>
> [global]
>
> workgroup = CAM
> realm = CAM.CW.LOCAL
> server string = test-samba server (CentOS 5)
> interfaces = 127.0.0.1, eth0
> bind interfaces only = Yes
> security = ADS
> map to guest = Bad User
> password server = 172.31.134.30
> log level = 100
> log file = /var/log/samba/%m.log
> printcap name = cups
> wins server = 172.31.134.30
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> template shell = /bin/bash
> winbind separator = +
> winbind cache time = 5
> winbind use default domain = Yes
> winbind trusted domains only = Yes
> idmap config CAM: range = 100-9999
> idmap config CAM: backend = ad
> idmap config CAM: schema_mode = rfc2307
> idmap config CAM: default = yes
>
> [homes]
> comment = Home Directories
> read only = No
> create mask = 0664
> directory mask = 0775
> browseable = No
>
> [docs]
> path = /usr/share/doc/samba3/htmldocs
> guest ok = Yes
>
> Anyone? Kerberos seems to be acting ok too, otherwise SSH logins wouldn't
> work?
>

Winbind in Samba 3.5 is somehow broken. I tried Samba 3.5.3, 3.5.4 and the latest 3.5.6 and I have problems. For example: I connect to a Samba share (Samba is a member of AD) from Windows 7 x86_64 and when I create a file, root is the owner, but it should be me (the user that connects to this share). For me it is messy. Again I switched back to Samba 3.4.9 to use winbind.

Samba 3.5.6 has broken ACLs too - when I try to change and populate an ACL through the directories I get an error: bad argument, and the operation stops. So many hours spent on it.

I.Piasecki