X-Spam-Check-By: sourceware.org
To: cygwin@cygwin.com
From: Andrew DeFaria <Andrew@DeFaria.com>
Subject:  Re: Permissions problem - odd setup
Date:  Tue, 21 Feb 2006 20:45:13 -0800
Lines: 50
Message-ID: <dtgq85$mgu$1@sea.gmane.org>
References:  <022120061644.14282.43FB438A000B51A1000037CA22007358340A050E040D0C079D0A@comcast.net> <dtfh73$9q0$1@sea.gmane.org> <200602211816.39039.mailing-cygwin@schoenhaber.de> <dtfj9q$i64$1@sea.gmane.org> <dtgaj5$6es$1@sea.gmane.org>
Mime-Version:  1.0
Content-Type:  text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding:  8bit
User-Agent: Thunderbird 1.5 (Windows/20051201)
In-Reply-To: <dtgaj5$6es$1@sea.gmane.org>
X-IsSubscribed: yes
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie.com@cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com

Andrew DeFaria wrote:
> Andrew DeFaria wrote:
>> Markus Schönhaber wrote:
>>
>> Don't know if this is of any help: you can set the SIDs for the user 
>> and the user's primary group on the Samba box with pdbedit ... -U 
>> <SID> -G <SID> ...Maybe it helps if you use the same SIDs your 
>> Windows Domain account has.
> OK, got the admin to do that command. Remapped the drive. Same 
> problems. Any other ideas?
It seems that this didn't work because we are using only smbpasswd and 
need to update to using tdbsam 
(http://swamp.chl.chalmers.se/samba/docs/man/Samba-HOWTO-Collection/passdb.html#pdbeditthing):

    tdbsam

        This backend provides a rich database backend for local servers.
        This backend is not suitable for multiple domain controllers
        (i.e., PDC + one or more BDC) installations.

        The /tdbsam/ password backend stores the old / smbpasswd/
        information plus the extended MS Windows NT/200x SAM information
        into a binary format TDB (trivial database) file. The inclusion
        of the extended information makes it possible for Samba-3 to
        implement the same account and system access controls that are
        possible with MS Windows NT4/200x-based systems.

        The inclusion of the /tdbsam/ capability is a direct response to
        user requests to allow simple site operation without the
        overhead of the complexities of running OpenLDAP. It is
        recommended to use this only for sites that have fewer than 250
        users. For larger sites or implementations, the use of OpenLDAP
        or of Active Directory integration is strongly recommended.

Additionally:

    The resolution of SIDs to UIDs is fundamental to correct operation
    of Samba. In both cases shown, if winbindd is not running or cannot
    be contacted, then only local SID/UID resolution is possible. See
    resolution of SIDs to UIDs
    <http://swamp.chl.chalmers.se/samba/docs/man/Samba-HOWTO-Collection/passdb.html#idmap-sid2uid>
    and resolution of UIDs to SIDs
    <http://swamp.chl.chalmers.se/samba/docs/man/Samba-HOWTO-Collection/passdb.html#idmap-uid2sid>
    diagrams.

Apparently I need to have them switch to tdbsam style backend in order 
to set things like SIDs and the like. This might be a hard sell...
-- 
Don't make no sense that common sense don't make no sense no more. - 
John Prine


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/