[Samba] winbind and remote users - Samba

  1. [Samba] winbind and remote users

    Hi.

    I'm using Samba 3.0.30 from Gentoo (emerge).
    [ebuild R ] net-fs/samba-3.0.30 USE="acl cups ipv6 pam python
    quotas readline winbind -ads -async -automount -caps -doc -examples
    -fam -ldap (-selinux) -swat -syslog" LINGUAS="-ja -pl" 20,030 kB

    I didn't find many howtos on this...
    but I did read the howto
    http://www.samba.org/samba/docs/man/...n/winbind.html

    The network is connected via OpenVPN, with a "central" WINS server and the other
    PDCs as clients of it.
    I didn't set up LDAP because the user base is very small (2-4 per site).
    I have set up the relationship between the domains, and tested it with wbinfo.
    Also, getent passwd gives me all the clients of all domains.

    Now, a user A from domain SANTARCANGELO has to log in on a CENTROSTORICO
    domain member machine.

    The user is correctly authenticated, but it does not load the home directory.
    So I set up:
    ---
    template homedir = /home/winbind/%D/%U
    template shell = /bin/false
    ---
    So I created the directory SANTARCANGELO in /home/winbind/ on CENTROSTORICO,
    then copied the whole profile into SANTARCANGELO with rsync and
    chowned it.
    It does not work.

    So I copied the user's home directory into /home on CENTROSTORICO.
    It does not work either.

    Now I have commented out the two "template" lines because it seems that they are only
    needed to log in with telnet, ssh, and so on.

    I have installed inotify tools, and it seems that no files are opened in the local
    directory.
    On the domain master SANTARCANGELO, instead, there is at least one access in the
    home directory, but only in /home and /home/username.

    Here is the output of testparm, stripped of the shares "comune", "printers"
    and "print$".

    Any help would be welcome, also RTFM and links to howtos/manuals.

    config of santarcangelo:
    ---
    [global]
    workgroup = SANTARCANGELO
    netbios name = SANTARCANGELO
    server string = Santarcangelo Samba Server
    interfaces = 192.168.0.0/16
    username map = /etc/samba/smbusers
    password level = 8
    username level = 8
    log file = /var/log/samba/log.%m
    max log size = 1000
    name resolve order = wins host lmhosts bcast
    unix extensions = No
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    printcap name = cups
    add machine script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false '%m$'
    logon script = logon.bat
    logon path = \\%L\%U\.ntprofile
    logon drive = Z:
    logon home = \\%L\%U
    domain logons = Yes
    os level = 33
    preferred master = Yes
    domain master = Yes
    wins support = Yes
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    winbind trusted domains only = Yes
    admin users = @root
    hosts allow = 127.0.0.1, 192.168.0.0/16, 172.16.0.0/24
    hide unreadable = Yes
    include = /etc/samba/smb.conf.santarcangelo-server

    [homes]
    comment = Home Directory of %u
    read only = No
    create mask = 0644
    browseable = No

    [netlogon]
    path = /var/lib/samba/netlogon/
    write list = @root
    browseable = No

    [profiles]
    path = /home/%u/.ntprofiles
    read only = No
    create mask = 0600
    directory mask = 0700
    ---

    config of centrostorico:
    ---
    [global]
    workgroup = CENTROSTORICO
    netbios name = CENTROSTORICO
    server string = Centro Storico Samba Server
    interfaces = 192.168.0.0/16
    username map = /etc/samba/smbusers
    password level = 8
    username level = 8
    log file = /var/log/samba/log.%m
    max log size = 1000
    name resolve order = wins host lmhosts bcast
    unix extensions = No
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    printcap name = cups
    add machine script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false '%m$'
    logon script = logon.bat
    logon path = \\%L\%U\.ntprofile
    logon drive = Z:
    logon home = \\%L\%U
    domain logons = Yes
    os level = 33
    preferred master = Yes
    domain master = Yes
    wins proxy = Yes
    wins server = 192.168.0.1
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    winbind trusted domains only = Yes
    admin users = @root
    hosts allow = 127.0.0.1, 192.168.0.0/16, 172.16.0.0/24
    hide unreadable = Yes
    include = /etc/samba/smb.conf.centrostorico-server

    [homes]
    comment = Home Directory of %u
    read only = No
    create mask = 0644
    browseable = No

    [netlogon]
    path = /var/lib/samba/netlogon/
    write list = @root
    browseable = No

    [profiles]
    path = /home/%u/.ntprofiles
    read only = No
    create mask = 0600
    directory mask = 0700
    ---

    thanks a lot!
    d.
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] winbind and remote users

    I think you're investigating in the wrong direction. As far as I
    understood (I may be mistaken too), a user of the SANTARCANGELO domain, even if
    he logs on to another domain's machine, is still a SANTARCANGELO domain
    user. That means the user properties (home directory, profile path, ...)
    come from the SANTARCANGELO domain PDC.

    What you should check is whether the SANTARCANGELO domain user logged on to
    a CENTROSTORICO domain machine can still access (by browsing the network
    neighbourhood, for instance) his home directory (wherever it resides in the
    SANTARCANGELO domain) from this "foreign" machine.

    François

    --
    François Legal
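
Following François's reading that the logon path and logon home come from the user's own PDC, this added Python sketch (not code from the thread or from Samba) expands the posted settings for a constructed user `a` to show which server and Unix path each one resolves to. It models only the %U, %u, %D and %L variables and assumes [homes] serves /home/<user>; the function names are hypothetical.

```python
# Added illustration: a simplified model of smb.conf % substitution, not Samba code.
import re

# Values copied from the testparm output posted in the thread.
LOGON_PATH = r"\\%L\%U\.ntprofile"        # identical on both PDCs
LOGON_HOME = r"\\%L\%U"
TEMPLATE_HOMEDIR = "/home/winbind/%D/%U"  # Unix-side winbind setting
SHARE_PATHS = {"netlogon": "/var/lib/samba/netlogon/",
               "profiles": "/home/%u/.ntprofiles"}


def expand(value, user, domain, server):
    """Expand only the % variables that appear on the page."""
    table = {"U": user, "u": user, "D": domain, "L": server}
    return re.sub(r"%([UuDL])", lambda m: table[m.group(1)], value)


def resolve_unc(unc, user, unix_home="/home"):
    """Map a UNC path to (server, share section, Unix path on that server).

    Assumption: a share named after the user is served by [homes] from
    <unix_home>/<user>; other names must be explicit share sections.
    """
    server, share, *rest = unc.lstrip("\\").split("\\")
    if share.lower() in SHARE_PATHS:
        section = share.lower()
        base = expand(SHARE_PATHS[section], user, "", server).rstrip("/")
    elif share == user:
        section, base = "homes", f"{unix_home}/{user}"
    else:
        raise ValueError(f"no share matches {share!r}")
    return server, section, "/".join([base, *rest])


def profile_location(user, home_domain, home_pdc):
    """Profile path as handed out by the user's own PDC."""
    unc = expand(LOGON_PATH, user, home_domain, home_pdc)
    return unc, resolve_unc(unc, user)


if __name__ == "__main__":
    # Constructed sample: user "a" of SANTARCANGELO on a CENTROSTORICO member.
    unc, (server, section, path) = profile_location("a", "SANTARCANGELO", "SANTARCANGELO")
    print(f"roaming profile: {unc} -> {server} [{section}] {path}")
    print("logon home:     ", resolve_unc(expand(LOGON_HOME, "a", "", "SANTARCANGELO"), "a"))
    print("[profiles] share:", resolve_unc(r"\\SANTARCANGELO\profiles", "a")[2])
    print("template homedir:", expand(TEMPLATE_HOMEDIR, "a", "SANTARCANGELO", "CENTROSTORICO"))
```

In this model the roaming profile resolves through [homes] on SANTARCANGELO to /home/a/.ntprofile, which is neither the copy under /home/winbind/SANTARCANGELO on CENTROSTORICO nor the [profiles] path /home/a/.ntprofiles.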