Re: [Samba] winbind idmap Problem
Hi Takahashi, thank you for your swift reply. > > > The actual Problem is the Following: There Are different users (from one > unix group) which should write to this share - and they should be able to > delete files which are written by other users from the same group, which is > actually not working right now. Although owner:group is correct for files > created via samba, deleting files from other users fails although file > permissions are set correctly. > > > > Ideas anybody? > > Make different users belong to the same Windows group and map the > group to an UNIX group. > Maybe this works, but i would definilty prefer a soultion where uid/gid information is stored in lokal files (passwd/group). Question: is this possible in general? I have not found such a setup in the web ... Best Regards, Henrik -- GMX DSL Doppel-Flat ab 19,99 Euro/mtl.! Jetzt mit gratis Handy-Flat! http://portal.gmx.net/de/go/dsl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] winbind idmap Problem
Hi list, I am still struggeling with some winbind/idmap Problem for some time, and still got no clue what is going wrong. I already asked on this list but maybe my previous description was unprecise so i want to start a new attempt: My Problem is as follows: uid/gid information is stored /etc/passwd and /etc/group local on my samba Server, passwords are stored in Active Directory. In order to let winbind fetch uid/gid information from local files i put the following in my smb.conf: idmap config MYREALM: backend = nss idmap config MYREALM: range = 100-10 and the following in /etc/nsswitch.conf: passwd: files winbind shadow: files group: files winbind Connecting to my Samba Server with AD password works + idmapping seems to work partly - heres some info from the logs: karmic (:::192.168.0.9) connect to service testshare initially as user testuser (uid=6, gid=200) (pid 21642) --> uid and gid matches data from passwd, which is what i want. [2011/02/01 16:01:26, 3] smbd/password.c:register_existing_vuid(299) register_existing_vuid: UNIX uid 6 is UNIX user testuser, and will be vuid 100 --> uid 6 still is correct - what about vuid 100? [2011/02/01 16:01:20, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [ xx ] --> no privilleges assigned seems wrong ... The actual Problem is the Following: There Are different users (from one unix group) which should write to this share - and they should be able to delete files which are written by other users from the same group, which is actually not working right now. Although owner:group is correct for files created via samba, deleting files from other users fails although file permissions are set correctly. Ideas anybody? Regards, Marius -- Neu: GMX De-Mail - Einfach wie E-Mail, sicher wie ein Brief! Jetzt De-Mail-Adresse reservieren: http://portal.gmx.net/de/go/demail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] fetch passwords from AD and group membership from /etc/group
Hi, > > I want to use Active Directory for my samba users passwords and > /etc/group for storing group membership. > > > > /etc/nsswitch.conf looks like: > > > > group: file > > > > Problem: the tests i ran show that the samba server does not know about > group membership (deleting file from other user belonging to the same > group fails). The same test works as expectet when winbindd is switched off. > What do i have to do to fix this while having winbindd running? > > > > It wont know anything about your groups at all with NSSwitch like this. > You need to make it > > group: files winbind > > OR configure NSS_LDAP and make it > > group: files ldap > something seems to be still missing i made a test with /etc/nsswitch.conf group: files winbind without any different results. As I far as i understand nsswitch.conf this line tells nsswitch to look for group memberships in local files first and secound in AD via winbind. As i have no group definitions for my samba users in the AD (only passwords) i don't understand why nsswitch.conf needs to look that way. Could someone please explain? best regards, Marius -- Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] fetch passwords from AD and group membership from /etc/group
Hi, > > > >> While you need not run winbindd if you want to use Active Directory > >> for authentication, if you need to run, idmap_nss map help you? > > > > i want to use winbind to be able to log in just by providing the > accountname, not domainname\accountname. > > "winbind use default domain = yes" is what you want ? logging in with only username not domainname\username already works fine. The missing part is that users cannot delete files in shares which are created by other users from the same unix group although the group has write ermissions. This starts working as soon as i switch winbind off, but then the domainname needs to be given during login, therefore i need change winbinds behavior. what i do not understand is that the logs show "connected to service xy ... as user abc (uid=n gid=m)" but the user still has problems deleting files although its gid seems right according to the logfile. Any mor hints? Marius -- Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] fetch passwords from AD and group membership from /etc/group
Hi Takahashi, > While you need not run winbindd if you want to use Active Directory > for authentication, if you need to run, idmap_nss map help you? > i want to use winbind to be able to log in just by providing the accountname, not domainname\accountname. i now added the following to my smb.conf: idmap domains = MYDOMAIN idmap uid = 6000-61000 idmap gid = 100-3000 idmap config MYDOMAIN: backend = nss which does not change anything so far (smb+winbind restarted). The uid/gid ranges cover values which are given to the account in /etc/passwd /etc/group - maybe that is wrong? best regard, Marius -- Neu: GMX De-Mail - Einfach wie E-Mail, sicher wie ein Brief! Jetzt De-Mail-Adresse reservieren: http://portal.gmx.net/de/go/demail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] fetch passwords from AD and group membership from /etc/group
Hi List, I want to use Active Directory for my samba users passwords and /etc/group for storing group membership. /etc/nsswitch.conf looks like: group: file Problem: the tests i ran show that the samba server does not know about group membership (deleting file from other user belonging to the same group fails). The same test works as expectet when winbindd is switched off. What do i have to do to fix this while having winbindd running? Regards, Marius -- Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
