Samba/PAM/Winbind works but can't change permission

[LinuXelite]

Hi everyone!!

Here is my problem...

I have a domain and I set up a file server using Samba and Red Hat 8. In order to get my username/password and groups from the windows NT 4 server, I use winbind and PAM.

getenv passwd gives me
ORTHOFAB+videoconfqc:x:10092:10029:Vid?o conf?rence Qu?bec:/home/ORTHOFAB/videoconfqc:/bin/bash
ORTHOFAB+VilleneuveS:x:10093:10029:Sylvain Villeneuve:/home/ORTHOFAB/villeneuves:/bin/bash

getenv group : same.. it works.

I can log in using SSH or telnet using the users from the PDC domain and my local user. Ive done (smbpasswd -j DOMAIN -r .... -u domainadmin).

Now, I try to change the permission of a samba share in the windows explorer on a windows 2000 workstation (I logged as a domain administrator). It says "permission denied" and remotemachine.log in /var/samba gives me:

[2002/10/23 10:53:00, 0] passdb/pdb_smbpasswd.cdb_getsampwrid(1416)
unable to open passdb database.

In conclusion,
- PAM authentifiace the user from a PDC (windwos NT 4) and Ive change /etc/pam.d/samba;login and systemauth adding user sufficien pam_smd.so)
- I can see my share from a Windows workstation
- I CANNOT add a user, modify a policy or add a group to a samba share. In the windows explorer, I get the following message "the permission is denied" or I get nothing and I the change are not saved.

Few other question: When I create a file in samba from a windows station the owner of the file is not my user account but "SERVER FILE\NOBODY"?


Thank a lot for your help! Im waiting

 

[fluid11]

When you authenticate users from a Windows domain, you still need a matching UNIX account to exist in /etc/passwd. When you set permissions on a Samba share, you set the permissions equal to a Unix user and group. The Unix account does not need a password, it just needs to exist. You can automatically create the Unix account when a Windows user tries to access a share by adding this to the smb.conf file...

add user script = /usr/sbin/useradd %u

You also need these directives in smb.conf...

security = domain
password server = *
encrypt passwords = yes



"Few other question: When I create a file in samba from a windows station the owner of the file is not my user account but "SERVER FILE\NOBODY"?" --> You can force all files in a share to always be owned by a particular user or group by using a directive such as these...

force group = somegroup
force user = someuser

In addition to the above, you can set the GUID and SUID bits on the Samba share, but be careful when doing this. One of the worst things you can do in Linux/Unix is set the SUID bit on a file that is world writable and owned by root. That would give an attacker the ability to anything he/she wants.


ChrisP

 

[LinuXelite]

Thank you for your answer.

I authentifiace without a local unix account using winbindd and pam. I also use force group and force user.

howerver, it seems that linux cannot act as a file server like windows 2k

My boss decided to install Windows 2000 'cause its easier and there are a lot of great feature that samba doesnt have (samba 3 seems interesseted hopefully).

some of the feature concern the advances rights managements, domain groups and file owner.

Im really sorry because I really love linux and red hat looks good in our new serv.

Too bad

Im going to install apache and mysql on the win2k serv..

 

[fluid11]

"some of the feature concern the advances rights managements, domain groups and file owner" --> you CAN do this with Samba. I'm not going to waste my time talking about it though since you've already given up.

 

[LinuXelite]

I can't find a way to do it!!

Red hat is still installed in the server. Im not going to give up if you can point me to a online doc or manuel.

Please help me, you are not wasting your time your are helping linux in general in entreprise 'cause we could use linux in a lot of our files server amoung our compagnies.

Im waiting

Frank.

 

[LinuXelite]

Ok I figured out few thing.

We are keeping Linux even though it needs some improvement.

Im very happy IM going to my personnal program on gnome

 

[neokimia]

Hi all,

I have the same problem. Is somebody find anything on this? I really interested to use samba and to be able to set permissions using NU/2k/XP workstation.

Thanks
Yanick

 

[LinuXelite]

HI

Finally, I use samba and I am REALLY happy with it! It auto-create user's share, etc etc...

I manage my user with my domain and winbindd take care of everything...

I did not find a way to manager permission with Windows remotly but I can use swat. I personnaly prefer /etc/samba/smb.conf but some of my coworkers prefer to point and click ;o)

 

[ChristophePicky]

Thus anybody know documentation to establish a Linux Samba CVS server with wincvs clients over SSH
I' m able to share a map with authentication by the Windows PDC but is it possible to authenticate user within
wincvs against the PDC through the Samba CVS server
Thanks in advance

 

[GregDray]

I think you need to have acls enabled to be able to change permissions for folders and files, and then I think only the root/administrator user can change them. Dont quote me on this though, it seems to work ok for me at home minus the winbind.

Greg