From: alexander on 27 Jul 2010 14:10

Hi.

Excuse my English.

I've installed Samba+OpenLDAP as a PDC. Everything works fine but Samba completely ignores group information. Linux is ok. Any clue? I'm going crazy here!

Here's the situation:

    user: fish1
    home dir: /home/reaml/swim/fish1
    primary group: swimmers
    other groups: smokers

Directory of smoker's group: /home/realm/smokers

Here's an 'ls -l' on smoker's parent dir:

    drwxrws--- 19 cigarr smokers 2208 Jul 27 2010 smokers

Here's the share:

    [smokers]
    comment = Smoking
    path = /home/realm/smokers
    valid users = @smokers @swimmers @support
    public = no
    writable = yes
    browseable = yes
    create mask = 0777
    force create mode = 0777
    force directory mode = 0777
    directory mode = 0777

Here's 'id' information:

    # id fish1
    uid=1193(fish1) gid=1012(swimmers) groups=1013(smokers)

So, when user fish1 tries to enter the 'smokers' share: permission denied. If I give all permissions to 'others', fish1 can use the share normally.

This only happens when I try to access using Windows. Linux is ok.

Any idea? Seems to be an error between Samba and OpenLDAP...

Here's smbldap-usershow:

    #smbldap-usershow fish1
    dn: uid=fish1,ou=swimmers,ou=people,dc=example,dc=com
    objectClass: top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount
    cn: fish1
    sn: fish1
    givenName: fish1
    uid: fish1
    uidNumber: 1193
    gidNumber: 1012
    homeDirectory: /home/realm/swim/fish1
    loginShell: /bin/bash
    gecos: System User
    sambaLogonTime: 0
    sambaLogoffTime: 2147483647
    sambaKickoffTime: 2147483647
    sambaPwdCanChange: 0
    displayName: angela
    sambaSID: S-1-5-21-158730468-2379596502-3695168017-0001
    sambaPrimaryGroupSID: S-1-5-21-158730468-2379596502-3695168017-0002
    sambaLogonScript: swimmers.bat
    sambaProfilePath: \\REALMSERV\profiles\fish1
    sambaHomePath: \\REALMSERV\fish1
    sambaHomeDrive: U:
    sambaLMPassword: C665AEE66EF2A261AAD3B435B5143E3E
    sambaAcctFlags: [U]
    sambaNTPassword: 84AC02807D3D1C7000A79BD0E97BAEFEF
    sambaPwdLastSet: 1280219188
    sambaPwdMustChange: 2144132788
    userPassword: {CRYPT}c28JIqzpe43e
    shadowLastChange: 14817
    shadowMax: 9999

Here's /etc/ldap.conf:

    base dc=example,dc=com
    uri ldapi:///127.0.0.1
    uri ldap://127.0.0.1
    ldap_version 3
    binddn cn=admin,dc=example,dc=com
    bindpw mysecret
    rootbinddn cn=admin,dc=example,dc=com
    scope sub
    bind_policy soft
    pam_filter objectclass=posixAccount
    pam_login_attribute uid
    pam_check_host_attr yes
    pam_member_attribute memberUid
    pam_password md5
    nss_base_passwd ou=people,dc=example,dc=com?sub
    nss_base_passwd ou=computers,dc=example,dc=com?sub
    nss_base_group ou=groups,dc=example,dc=com?sub

And the smbldap.conf:

    SID="S-1-5-21-158730468-2379596502-3695168017"
    sambaDomain="REALM"
    slaveLDAP="127.0.0.1"
    slavePort="389"
    masterLDAP="127.0.0.1"
    masterPort="389"
    ldapTLS="0"
    verify="require"
    cafile=""
    clientcert=""
    clientkey=""
    suffix="dc=example,dc=com"
    usersdn="ou=people,${suffix}"
    computersdn="ou=computers,${suffix}"
    groupsdn="ou=groups,${suffix}"
    sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
    scope="sub"
    hash_encrypt="CRYPT"
    userLoginShell="/bin/bash"
    userHome="/home/%U"
    userGecos="System User"
    defaultUserGid="543"
    defaultComputerGid="543"
    skeletonDir="/etc/skel"
    defaultMaxPasswordAge="9999"
    userSmbHome="\\REALMSERV\%U"
    userProfile="\\REALMSERV\profiles\%U"
    userHomeDirectoryMode="700"
    userHomeDrive="U:"
    userScript="%g.bat"
    mailDomain="example.com"
    with_smbpasswd="0"
    smbpasswd="/usr/bin/smbpasswd"
    with_slappasswd="0"
    slappasswd="/usr/sbin/slappasswd"

And finally, smb.conf:

    workgroup = REALM
    netbios name = REALMSERV
    server string = My Realm %v
    security = user
    encrypt passwords = yes
    load printers = yes
    log file = /var/log/samba/log.%m
    max log size = 50
    os level = 33
    local master = yes
    domain master = yes
    preferred master = yes
    domain logons = yes
    #admin users = god
    logon script = %g.bat
    logon path = \\%L\profiles\%U
    #logon path = \\%N\profiles\%U
    wins support = no
    dns proxy = no
    ldap passwd sync = yes
    ldap delete dn = yes
    passdb backend = ldapsam:ldap://127.0.0.1
    ldap admin dn = cn=admin,dc=example,dc=com
    ldap suffix = dc=example,dc=com
    ldap group suffix = ou=groups
    ldap user suffix = ou=people
    ldap machine suffix = ou=computers
    create mask = 600
    directory mask = 0700
    passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

I'm lost...

[]s
Alexander
Brazil