Samba + LDAP: Changing user's group
in [Samba]
|
From: davefu on 21 Dec 2009 10:10 Bump Wes Deviers wrote: > > I'm having this same problem, but it's new. Using 3.4.2 Debian packages, > recently upgraded. I never had any type of LDAP group caching problem > until > the last 2 weeks. I added a user to an LDAP group as normal because they > needed access to a new share. Cleared the nscd caches as normal. The > service > definition uses > > force group = +groupName > valid users = @admins, @groupName > write list = @admins, @groupName > > All of the people previously in @groupName retain access to the share. > The > person I just added cannot access it. getent, groups, etc all return the > correct group membership. If I add the account explicitly to valid users > & > write list, it works as soon as I do an smbd reload. > > Did some behavior change or have we stumbled on a new bug? > > Wes > > > > On Monday 30 November 2009 07:29:33 am davefu wrote: >> >> Hi, thanks for answering. >> >> I have only 1 Samba server. When I mentioned changes on groups, I meant >> on >> LDAP server. LDAP is used on both system and samba environments. When >> changing groups on users, those changes are instant on the system >> environment, but not on Samba. >> >> - I create a new "Folder A", with full permissions for "Group A" >> - "User B" (belonging to group B), logs via SSH to the server, and can't >> access the "Folder A". >> - "User B" logs via Samba using his Windows desktop machine, and can't >> access the "Folder A" (previously configured inside a Samba Resource). >> - Now I add "User B" to "Group A" via LDAP. He belongs now to "Group A" >> and >> "Group B". >> - Getent group | grep "User B" shows correctly both groups on the user. >> - "User B" correctly access "Folder A", write files, etc via console, >> ssh, >> or any kind of regular system authentication (since system is using pam >> libraries, configured to use LDAP as backend). >> - "User B" still can't access "Folder A" in any way. Samba has cached >> "User >> B" credentials, and haven't checked LDAP again for a while. The only >> option >> is to restart Samba, or wait randomly until Samba refreshes / syncs LDAP >> info about that user again. >> >> Hope this little story explains my problem better. >> Sorry for my english. >> >> Thanks! >> >> > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > -- View this message in context: http://old.nabble.com/Samba-%2B-LDAP%3A-Changing-user%27s-group-tp26421317p26870920.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
First
|
Prev
|
Pages: 1 2 Prev: [Samba] Samba + LDAP: Changing user's group Next: [Samba] Samba DC questions |