LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page Samba PDC + ACL - howto map users and groups on windows clients
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 09-04-2006, 03:50 PM   #1
myers
LQ Newbie
 
Registered: Sep 2006
Posts: 1

Rep: Reputation: 0
Samba PDC + ACL - howto map users and groups on windows clients

Hi guys,

I'm trying to setup ACL on my network but samba is being a big problem to me.
Well, all the unix machines are working very well with nfs + acl but the windows machines doesn't saw the unix users/groups, so the windows users can't access the acl exported share.
I'm using gentoo with samba 3.0.22-r3 with acl, kerberos and wibind support and I did tried several parameters combination on smb.conf like the follow:

domain master = yes
preferred master = yes
local master = yes
domain logons = yes
os level = 65
security = ADS
idmap uid = 500-10000000
idmap gid = 500-10000000
winbind enum users = yes
winbind enum groups = yes
inbind use default domain = Yes
nt acl support = yes
winbind nested groups = Yes

in any setup try I can't map the users on windows machine.

Looking at google I'd read about wbinfo and now I can think that there's some problem/mistake with my setup since even if I run winbindd I can't get any user/groups info:

web03 myers # wbinfo -u
Error looking up domain users

or

web03 myers # wbinfo -g
Error looking up domain groups

but I can get some domain informations:
web03 myers # wbinfo -D DOMAINAME
Name : DOMAINAME
Alt_Name :
SID : S-1-5-21-1020034761-3042356540-2715085242
Active Directory : No
Native : No
Primary : Yes
Sequence : -1

also, if I try to join the domain:

web03 shares # net ads join DOMAINNAME
root's password:
[2006/09/04 17:10:52, 0] utils/net_ads.c:ads_startup(191)
ads_connect: Transport endpoint is not connected

and if I try to run kinit:

web03 shares # kinit Administrator@DOMAINAME
kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials


Well, that's my only server machine for windows, all windows machines are just clients who log in on samba domain with the password mapped on smbpasswd file and this configuration is working very well, my only problem is with acl support on windows side.


What may I doing wrong? or acl support just work with a real windows ads controller using winbind to map from windows to unix? what I need is the opposite, mapping from unix to windows.

Thanks for any help and sorry for my poor english,

Claudinei Matos
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Map Windows NT Groups to UNIX Groups - why? kenji1903 Linux - Networking 4 10-16-2007 11:52 AM
How to Connect of Linux clients to Samba PDC lakshan Linux - Software 1 07-06-2006 06:49 PM
Samba as a PDC with Linux Clients BAK2004 Linux - Networking 4 05-12-2005 05:57 AM
samba 3.0.2 as PDC of W2K clients (mandrake 10.0) giorgiotheone Linux - Networking 0 04-06-2004 04:51 PM
Samba PDC / 200 Clients / Backupsystem saavik Linux - Networking 2 01-20-2003 09:06 AM


All times are GMT -5. The time now is 03:52 PM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration