Re: [Samba] Permission Problem --Windows or UNIX?

[Stephen Carville]

Gerald (Jerry) Carter wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Stephen Carville wrote:


I am using Samba 3.0.20a with winbindd on FC3 and all 
the shares except one are working.  I keep getting a
permison denied error for non-local users in certain
directories.

...

And I have mapping between Windows and UNIX groups (list trimmed):

# net groupmap list
Guests (S-1-5-32-546) -> nobody
Domain Guests (S-1-5-21-2679732778-2536521927-3344223750-1199) -> nobody

....

testparm shows:

Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
       unix charset = LOCALE
       workgroup = TOTALFLOOD
       netbios name = FILE-CABINET
       server string = Main File Server
       security = DOMAIN
       wins server = 192.168.124.10
       idmap uid = 10000-100000000
       idmap gid = 10000-100000000


Why are you using 'net groupmap' and winbindd ?

As far as I could tell from the documentation on samba.org, that is the 
corect way to use both local and windows accounts.  Give ownership of 
the directories to local accounts and groups. Use net groupmap to map 
the Windows groups name to UNIX groupnames.  Winbind provides the glue 
to hold it together.

Home directories are owned by the UNIX account if it's local and by the 
Win account as mapped by winbindd(?) otherwise

This seems to works for all but this one share.

In any case, I think we have the 'valid users' and
tokens stuff straightened out for systems with an smbpasswd
file.  I'll be posting a patch shortly to being 3.0.23b
up to what is proposed to be the 3.0.23c code tree.
You might want to look at that.

I don't use smbpasswd.  I have an smbusers file that maps local account 
to the equivalent Win account.  For example my UNIX username is 
"stephen" but my Win name is "scarville" so I have the entry:

stephen = TOTALFLOOD\scarville

I have similar entries for each local accounts that will also use the 
samba services.  Based on RT'ing the FM this looked like the  right 
thing to do.

If I'm doing it wrong, then I'll happily switch to doing it right if 
someone can point me in that direction.



cheers, jerry

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE7FEsIR7qMdg1EfYRAnLoAKCZdm1eGGxTvozbWXyMdvash1e+sgCgkKUl
xvvy8CSNjV892N79JHOi+sc=
=9vfb
-----END PGP SIGNATURE-----


--
Stephen Carville <[EMAIL PROTECTED]>
Unix and Network Admin
Nationwide Totalflood
6033 W. Century Blvd
Los Angeles, CA 90045
310-342-3602
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba