David Christensen wrote:
> John H Terpstra - Samba Team wrote:
>> David Christensen wrote:
>>> John H Terpstra - Samba Team wrote:
>>>> John Drescher wrote:
>>>>> On Fri, Jun 26, 2009 at 4:00 PM, David
>>>>> Christensen<[email protected]> wrote:
>>>>>> David Christensen wrote:
>>>>>>> John Drescher wrote:
>>>>>>>> On Fri, Jun 26, 2009 at 12:38 PM, David
>>>>>>>> Christensen<[email protected]> wrote:
>>>>>>>>> I configured samba to work with an FDS backend using a howto from the
>>>>>>>>> Fedora Directory Server site. The howto had me create an Administrator
>>>>>>>>> user in LDAP with UID/GID of 0. Now when anyone logs in as root and
>>>>>>>>> does a whoami it comes back as Administrator. If I delete the
>>>>>>>>> Administrator user in LDAP samba will break, how do I get around this
>>>>>>>>> issue and still provide samba the access level it needs?
>>>>>>>>>
>>>>>>>> put files first in your /etc/nsswitch.conf
>>>>>>>>
>>>>>>>> passwd: files ldap
>>>>>>>> shadow: files ldap
>>>>>>>> group: files ldap
>>>>>>>>
>>>>>>>> John
>>>>>>> Looks like that is the way my nsswitch.conf is already configured.
>>>>>> I am attempting to use the username map attribute in smb.conf to map
>>>>>> root=Administrator but it's not working, the Administrator account is
>>>>>> still squashing root, do I need to delete the Administrator account from
>>>>>> ldap or modify it in some way?
>>>>>>
>>>>> I do not know. I have user Administrator in my ldap but whoami shows root.
>>>> You possibly have a file /etc/samba/smbusers in which there is a mapping
>>>> as follows:
>>>>
>>>> root = administrator
>>>>
>>>> Tell me it's not true!
>>>>
>>>> - John T.
>>>>> does root show up first on this command?
>>>>>
>>>>> getent passwd
>>>>>
>>>>> John
>>> I do have /etc/samba/smbusers in which there is a mapping
>>> as follows:
>>>
>>> root = administrator
>>>
>>> However it was not specified in smb.conf until today, when I tried to
>>> "use" it.
>> OK, but what does testparm tell you about the default configuration for
>> your system?
>>
>> testparm -sv | grep username
>>
>> If the parameter "username map" is not mapped to /etc/samba/smbusers,
>> the issue is isolated to the mappings of the "root" and "administrator"
>> accounts and their respective uid/gid.
>>
>> - John T.
>
> "username map" is no longer mapped to /etc/samba/smbusers, I commented
> it out so it looks like the issue is indeed isolated to the mappings of
> the root and administrator accounts.
>
> How do I permit the Administrator account the access level it needs
> without squashing root on every box?
>
> This is what I currently have:
>
> [r...@ldap2 profiles]# getent passwd | grep :0:0
> root:x:0:0:root:/root:/bin/bash
> Administrator:x:0:0:Samba Admin:/root:/bin/bash

Looks like I figured it out, I deleted the Administrator account in LDAP, re-enabled the /etc/samba/smbusers file in smb.conf, and then added root to the password backend. I was able to login as Administrator and the account no longer squashed root. Is there a known issue with using the method I did?
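
The `getent passwd | grep :0:0` output quoted in the thread shows two account names sharing UID 0. The following is an added example, not part of the original thread or of Samba: a shell audit that reads passwd-format lines and reports every UID held by more than one name, plus any UID-0 account other than root. The function names and the sample data are assumptions made for the illustration; only the two UID-0 lines come from the thread.

```shell
#!/bin/sh
# Audit passwd-format lines (as printed by `getent passwd`) for UIDs that
# are shared by more than one account name.

# dup_uids: read passwd-format lines on stdin and print one line per shared
# UID as "uid:name1,name2,...", names in the order they were seen.
dup_uids() {
    awk -F: '
        NF >= 3 && $1 !~ /^#/ {
            uid = $3
            if (!(uid in names)) { order[++n] = uid; names[uid] = $1 }
            else { names[uid] = names[uid] "," $1; dup[uid] = 1 }
        }
        END {
            for (i = 1; i <= n; i++)
                if (order[i] in dup) print order[i] ":" names[order[i]]
        }'
}

# extra_uid0: print every account other than "root" whose UID field is 0.
extra_uid0() {
    awk -F: 'NF >= 3 && $3 == "0" && $1 != "root" { print $1 }'
}

# Constructed sample input; the two UID-0 lines are the ones quoted in the
# thread, the other two are made up.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
Administrator:x:0:0:Samba Admin:/root:/bin/bash
jdoe:x:1001:1001:Constructed user:/home/jdoe:/bin/bash
EOF
}

# Run with --demo to audit the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    sample_passwd | dup_uids
    sample_passwd | extra_uid0
fi
```

On a live host the same functions can be fed from the merged NSS view, for example `getent passwd | dup_uids`, so that entries from both files and LDAP are checked together.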
