Hi,

We've been experimenting with joining and Alpine server to a domain and using it as a file server. winbind is working normally, I can lookup users and groups etc from the Alpine console. But I don't know how we can set domain account permissions on the file system folder we want to share out.

For example, on other operating systems we can just run: chown -R domain+account folder
We can do this because we can edit the passwd and group lines in /etc/nsswitch.conf as below
group: files winbind
passwd: files winbind

I have read a lot online that seems to indicate that busybox and musl don't use or support nsswitch.conf. Is there a way around this so we can set AD account permissions on the file system?

Thanks

David

i'm afraid this cannot be possible.. also u cannot set different permission
for mixed users..

at leas not in busibox.. maybe with more installed programs.. but i dont
remember wicht

Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com


El lun., 13 de ene. de 2020 a la(s) 19:36, David Davies (
David.Davies@cybersecure.com) escribió:

> Hi,
>
> We've been experimenting with joining and Alpine server to a domain and
> using it as a file server. winbind is working normally, I can lookup users
> and groups etc from the Alpine console. But I don't know how we can set
> domain account permissions on the file system folder we want to share out.
>
> For example, on other operating systems we can just run: chown
> -R domain+account folder
> We can do this because we can edit the passwd and group lines in /etc/nsswitch.conf
> as below
> group: files winbind
> passwd: files winbind
>
> I have read a lot online that seems to indicate that busybox and musl
> don't use or support nsswitch.conf. Is there a way around this so we can
> set AD account permissions on the file system?
>
> Thanks
>
> David
>
>

I thought maybe with packages such as:

- samba-libnss-winbind

- pam-winbind

- libnfsidmap

- nfs-utils-dev


Maybe it could be possible?


Or is there a completely different way to do this?

________________________________
From: PICCORO McKAY Lenz <mckaygerhard@gmail.com>
Sent: Tuesday, 14 January 2020 2:05:09 PM
To: David Davies
Cc: alpine-user@lists.alpinelinux.org
Subject: Re: samba shares and nsswitch.conf

i'm afraid this cannot be possible.. also u cannot set different permission for mixed users..

at leas not in busibox.. maybe with more installed programs.. but i dont remember wicht

Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com


El lun., 13 de ene. de 2020 a la(s) 19:36, David Davies (David.Davies@cybersecure.com<mailto:David.Davies@cybersecure.com>) escribió:
Hi,

We've been experimenting with joining and Alpine server to a domain and using it as a file server. winbind is working normally, I can lookup users and groups etc from the Alpine console. But I don't know how we can set domain account permissions on the file system folder we want to share out.

For example, on other operating systems we can just run: chown -R domain+account folder
We can do this because we can edit the passwd and group lines in /etc/nsswitch.conf as below
group: files winbind
passwd: files winbind

I have read a lot online that seems to indicate that busybox and musl don't use or support nsswitch.conf. Is there a way around this so we can set AD account permissions on the file system?

Thanks

David

On Mon, 13 Jan 2020 23:35:54 +0000
David Davies <David.Davies@cybersecure.com> wrote:

> I have read a lot online that seems to indicate that busybox and musl
> don't use or support nsswitch.conf. Is there a way around this so we
> can set AD account permissions on the file system?

It should be possible with musl-nscd package.
https://github.com/pikhq/musl-nscd

-nc

El mar., 14 de ene. de 2020 a la(s) 03:08, Natanael Copa (
ncopa@alpinelinux.org) escribió:

> > I have read a lot online that seems to indicate that busybox and musl
> > don't use or support nsswitch.conf. Is there a way around this so we
> > can set AD account permissions on the file system?
>


> It should be possible with musl-nscd package.
> https://github.com/pikhq/musl-nscd
>
GOD saves natanael!


>
> -nc
>

Just a progress update on this, I've installed musl-nscd successfully and created a bare bones nsswitch.conf which looks like this:
group:  winbind
passwd: winbind

I can start the service but getent passwd or getent group still only returns local accounts and groups. libnss_winbind is happily installed and wbinfo works as expected.

If I make nsswitch.conf look a bit more sensible, such as 
group:  files winbind
passwd: files winbind

and try and start the nscd service, I get this error:
nscd: libnss_files.so: Error loading shared library libnss_files.so: No such file or directory
 * start-stop-daemon: failed to start `/usr/sbin/nscd'
 * Failed to start nscd                                                                                                [ !! ]
 * ERROR: nscd failed to start

It looks like nscd will try and load any file named libnss_*.so from /usr/lib/
At face value it looks like nscd isn't doing anything, does anyone have any suggestions to get this working?

A secondary issue I'm seeing is there is no standalone winbindd service, it looks to be a part of the samba service. However starting samba does not start winbindd, I have to run it manually. /etc/init.d/samba looks like it should start winbindd, so not certain what the problem might be.

Happy to test any suggestions anyone might have :-)

Thanks

Dave



> On 15 Jan 2020, at 01:24, PICCORO McKAY Lenz <mckaygerhard@gmail.com> wrote:
> 
> El mar., 14 de ene. de 2020 a la(s) 03:08, Natanael Copa (ncopa@alpinelinux.org) escribió:
> > I have read a lot online that seems to indicate that busybox and musl
> > don't use or support nsswitch.conf. Is there a way around this so we
> > can set AD account permissions on the file system?
>  
> It should be possible with musl-nscd package.
> https://github.com/pikhq/musl-nscd
> GOD saves natanael!
>  
> 
> -nc