<smbconfoption name="add user script">/usr/sbin/useradd -m '%u'</smbconfoption>
<smbconfoption name="add machine script">/usr/sbin/useradd -M '%u'</smbconfoption>
<smbconfoption name="add group script">/usr/sbin/groupadd '%g'</smbconfoption>
-<smbconfoption name="winbind enable local accounts">Yes</smbconfoption>
<smbconfoption name="log file">/var/log/samba/%m</smbconfoption>
<smbconfoption name="max log size">0</smbconfoption>
<smbconfoption name="smb ports">139</smbconfoption>
</answer>
</qandaentry>
- <qandaentry>
- <question>
-
- <para><indexterm>
- <primary>winbind enable local accounts</primary>
- </indexterm><indexterm>
- <primary>/etc/passwd</primary>
- </indexterm><indexterm>
- <primary>options list</primary>
- </indexterm><indexterm>
- <primary>ACL</primary>
- </indexterm><indexterm>
- <primary>share</primary>
- </indexterm>
- In my &smb.conf; file, I enabled the parameter <parameter>winbind enable local accounts
- </parameter> on all domain member servers, but it does not work. The accounts I put in
- <filename>/etc/passwd</filename> do not show up in the options list when I try to set an
- ACL on a share. What have I done wrong?
- </para>
-
- </question>
- <answer>
-
- <para><indexterm>
- <primary>local users</primary>
- </indexterm><indexterm>
- <primary>local groups</primary>
- </indexterm><indexterm>
- <primary>UNIX account</primary>
- </indexterm><indexterm>
- <primary>getpwnam()</primary>
- </indexterm><indexterm>
- <primary>getgrgid()</primary>
- </indexterm><indexterm>
- <primary>Identity resolution</primary>
- </indexterm><indexterm>
- <primary>failure</primary>
- </indexterm><indexterm>
- <primary>Domain</primary>
- </indexterm>
- The manual page for this &smb.conf; file parameter clearly says, <quote>This parameter
- controls whether or not winbindd will act as a stand-in replacement for the various
- account management hooks in smb.conf (for example, add user script). If enabled, winbindd
- will support the creation of local users and groups as another source of UNIX account
- information available via getpwnam() or getgrgid(), etc....</quote> By default this
- parameter is already enabled; therefore, the action you are seeing is a result of a failure
- of identity resolution in the domain.
- </para>
-
- <para><indexterm>
- <primary>Domain logons</primary>
- </indexterm><indexterm>
- <primary>Identity resolution</primary>
- </indexterm><indexterm>
- <primary>Domain</primary>
- <secondary>user</secondary>
- </indexterm><indexterm>
- <primary>Domain</primary>
- <secondary>group</secondary>
- </indexterm><indexterm>
- <primary>UID</primary>
- </indexterm><indexterm>
- <primary>GID</primary>
- </indexterm>
- These are the accounts that are available for Windows network domain logons. Providing
- identity resolution has been correctly configured on the domain controllers as well as
- on domain member servers. The domain user and group identities automatically map
- to a valid local UID and GID pair.
- </para>
-
- </answer>
- </qandaentry>
-
<qandaentry>
<question>
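Review bot: The removal of `winbind enable local accounts` from the parameter listing, together with the deletion of the whole Q&A entry about it, leaves no trace of why the parameter was dropped. If it is gone because the parameter is no longer supported, a one-line note in the text would tell readers with older configurations that they should remove it as well. Also check the rest of the book for remaining mentions, including the index terms that this entry was the only source for.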
<indexterm><primary>file system</primary><secondary>permissions</secondary></indexterm>
Create the top-level file storage directories for data and applications as follows:
<screen>
-&rootprompt; mkdir -p /data/{accounts,finsvcs}
+&rootprompt; mkdir -p /data/{accounts,finsrvcs}
&rootprompt; mkdir -p /apps
&rootprompt; chown -R root:root /data
&rootprompt; chown -R root:root /apps
-&rootprompt; chown -R bjordan:accounts /data/accounts
-&rootprompt; chown -R bjordan:finsvcs /data/finsvcs
+&rootprompt; chown -R bjordan:acctsdep /data/accounts
+&rootprompt; chown -R bjordan:finsrvcs /data/finsrvcs
&rootprompt; chmod -R ug+rwxs,o-rwx /data
&rootprompt; chmod -R ug+rwx,o+rx-w /apps
</screen>
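Review bot: The replaced mkdir and chown lines rename inconsistently: /data/finsvcs becomes /data/finsrvcs with group finsrvcs, while /data/accounts keeps its directory name but its group changes from accounts to acctsdep. Confirm that acctsdep and finsrvcs match the groups created elsewhere in the chapter and that the share path definitions point at /data/finsrvcs, otherwise the chown fails or the share refers to a directory that does not exist. Separately, the unchanged `chmod -R ug+rwxs,o-rwx /data` line sets setuid as well as setgid recursively; if group inheritance on new files is the goal, g+s alone expresses that.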
&rootprompt; chown -R root:root /var/spool/samba
&rootprompt; chown -R root:root /var/lib/samba
&rootprompt; chmod a+rwxt /var/spool/samba
+&rootprompt; chmod 2775 /var/lib/samba/profiles
+&rootprompt; chgrp users /var/lib/samba/profiles
</screen>
For each user account that is created on the system, the following commands should be
executed:
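Review bot: The added `chmod 2775 /var/lib/samba/profiles` with `chgrp users` makes the profiles root writable by every member of users without the sticky bit, so any group member can rename or remove another user's profile directory. The spool directory two lines above gets `a+rwxt`; the same protection is worth applying here (mode 3775), or drop group write entirely if the per-user commands introduced by the following sentence create each profile directory as root. It would also read more safely with the chgrp before the chmod, so the setgid bit is set after the final group is in place.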
requests only when configured to do so. Ensure that your print queues are
set to accept incoming jobs by executing the following commands:
<screen>
-&rootprompt; /usr/bin/accept qmsa
-&rootprompt; /usr/bin/accept hplj6a
-&rootprompt; /usr/bin/accept qmsf
-&rootprompt; /usr/bin/accept hplj6f
+&rootprompt; /usr/sbin/accept qmsa
+&rootprompt; /usr/sbin/accept hplj6a
+&rootprompt; /usr/sbin/accept qmsf
+&rootprompt; /usr/sbin/accept hplj6f
</screen>
</para></step>
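Review bot: The four replaced lines swap one hard-coded location (/usr/bin/accept) for another (/usr/sbin/accept), which is still tied to one packaging layout. Since the commands run at the root prompt, either call `accept` without a path or add a sentence stating which distribution the path applies to, so the step does not fail silently for readers on a different layout.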
automatically at every system reboot. For example,
<indexterm><primary>chkconfig</primary></indexterm>
<screen>
-&rootprompt; chkconfig dhpc on
+&rootprompt; chkconfig dhpcd on
&rootprompt; chkconfig named on
&rootprompt; chkconfig cups on
&rootprompt; chkconfig smb on
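Review bot: The added line `chkconfig dhpcd on` still misspells the service name; the corrected restart command later in this patch uses /etc/rc.d/init.d/dhcpd, so this should read `chkconfig dhcpd on`. As written, the fix replaces one typo (dhpc) with another and the DHCP server would not be enabled at boot.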
Execute each of the following in the sequence shown:
<screen>
-&rootprompt; /etc/rc.d/init.d/dhcp restart
+&rootprompt; /etc/rc.d/init.d/dhcpd restart
&rootprompt; /etc/rc.d/init.d/named restart
&rootprompt; /etc/rc.d/init.d/cups restart
&rootprompt; /etc/rc.d/init.d/smb restart