LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 02-17-2003, 06:21 AM   #1
foehlinger
LQ Newbie
 
Registered: Feb 2003
Posts: 2

Rep: Reputation: 0
Question some domain users can not own local files


Hello everyone,

i have set up PC with Redhat Linux 8.0 as a client in a pure windows domain. My goal was to use domain authentification instead of local accounts for remote logins via Cygwin. This works for *some* domain users, but unfortunately not for all.

The PC in question has joined the domain. Samba is set to security=domain and winbind is configured that i can see all domain user's SIDs and GIDs. On a try to login local at the PC as a domain user (as 'DOMAIN\user2'), /var/log/messages shows, that winbind-authentification works. But pam_unix.so rejects *some* of the the domain users:
Quote:
Feb 13 12:58:58 localhost pam_winbind[3239]: user 'DOMAIN\user2'
granted acces
Feb 13 12:58:58 localhost login(pam_unix)[3239]: could not identify user (from getpwnam(DOMAIN\user2))
Feb 13 12:58:58 localhost login[3239]: User not known to the underlying authentication module
Additional, i have recognized, that i cannot change file ownership to these users:
Quote:
[root@localhost home]# chown -Rc DOMAIN\\user2 testdir
chown: `DOMAIN\\user2': invalid user
These users _do_ exist and i have tried upper and lower case. All of the user's names in this domain start with the same character, an 'e'.
Any ideas, what can cause this behavior?

For other users and groups changing ownership works as it should:
Quote:
[root@localhost home]# chown -Rc DOMAIN\\user1 testdir
changed ownership of `testdir' to DOMAIN\\user1
[root@localhost home]# chown -Rc :DOMAIN\\not_existing_group_name testdir
chown: `:DOMAIN\\not_existing_group_name': invalid group
[root@localhost home]# chown -Rc :DOMAIN\\EXISTING_Group testdir
changed ownership of `testdir' to :DOMAIN\EXISTING_Group
any suggestions and ideas are appreciated

regards
Robert Foehlinger /confused
 
Old 02-18-2003, 07:56 AM   #2
foehlinger
LQ Newbie
 
Registered: Feb 2003
Posts: 2

Original Poster
Rep: Reputation: 0
problem solved

Got it!
strace showed me, that some domain user's UIDs have been wihin the range of my samba user id settings for remote access users. The system has not been able to map users whose domain UIDs have been within that range.

In /etc/smb.config I changed the line
winbind uid=10000-20000
to
winbind uid=63000-64000


Now also a domain user with id 14233 is able to own a file and to log in.

thanks for your efforts

Robert Foehlinger
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how to authenticate external users but bypass prompt on local LAN users? taiwf Linux - Security 5 07-13-2005 10:01 AM
Same Domain name configuration for local and registered server and Mx rec configure cbekannan Linux - Software 0 02-07-2005 05:46 AM
Setting up local DNS domain name Corxscrew Linux - Newbie 1 01-20-2005 08:49 AM
postfix : sending local mail without domain iainr Linux - Software 2 12-10-2003 04:05 AM
adding a domain to my local linux test pc? kane hart Linux - Newbie 3 10-14-2003 11:58 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 03:06 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration