From: tms3 on 9 Jul 2010 17:20

> On Samba 3.5.4, I have a share that should be writable by all in the Domain
> Users group. When I write to the share, the permission mode is correct but
> the data doesn't have the correct group and instead lists the username as
> the group.

Do you have:

pam_ldap/nss_ldap .conf setup correctly (They may be the same file depending on Linux OS. Ubuntu server uses same file.)?

nsswitch.conf set up correctly?

> I tried using "force group" but the share stopped being
> accessible after a restart so I removed it. It doesn't seem like this is
> standard behavior so I'm not sure what could be causing it.
>
> Relevant smb.conf info:
>
> [global]
> workgroup = domain
> netbios name = fs
> server string = domauin FS
> passdb backend = ldapsam:ldap://127.0.0.1
> printcap name = cups
> printing = cups
> security = user
> log level = 3
> name resolve order = wins bcast hosts
>
> ldap ssl = off
> ldap admin dn = cn=root,dc=domain,dc=com
> ldap suffix = dc=domain,dc=com
> ldap user suffix = ou=Users
> ldap group suffix = ou=Group
> ldap idmap suffix = ou=Idmap
> ldap machine suffix = ou=Computers
>
> ldap delete dn = Yes
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
> delete user script = /usr/sbin/smbldap-userdel "%u"
> delete group script = /usr/sbin/smbldap-groupdel "%g"
> logon path = \\%L\profiles\%U
> logon drive = H:
> logon home = \\%L\%U
> #logon script = %U.bat
> logon script = logon.bat
>
> domain master = Yes
> domain logons = Yes
> os level = 35
> preferred master = Yes
>
> idmap uid = 15000-20000
> idmap gid = 15000-20000
>
> passwd program = /usr/bin/passwd '%u'
> unix password sync = yes
> passwd chat = "*New UNIX password*" %n\n "*Retype new UNIX password*" %n\n "*updated successfully*"
> enable privileges = yes
> username map = /etc/samba/smbusers
> wins support = yes
>
> [public]
> path = /data/public
> create mask = 0775
> create mode = 0775
> directory mask = 0775
> guest ok = no
> browseable = Yes
> writable = yes
> write list = "@Domain Users"

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: delpheye on 12 Jul 2010 14:20

On Fri, Jul 9, 2010 at 4:16 PM, <tms3(a)tms3.com> wrote:

> On Samba 3.5.4, I have a share that should be writable by all in the Domain
> Users group. When I write to the share, the permission mode is correct but
> the data doesn't have the correct group and instead lists the username as
> the group.
>
> Do you have:
>
> pam_ldap/nss_ldap .conf setup correctly (They may be the same file
> depending on Linux OS. Ubuntu server uses same file.)?
>
> nsswitch.conf set up correctly?

As far as I am aware, yes.

/etc/nsswitch.conf:

passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns wins
bootparams: files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files ldap
publickey: files
automount: files ldap
aliases: files

/etc/pam.d/system-auth

auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so

> I tried using "force group" but the share stopped being
> accessible after a restart so I removed it. It doesn't seem like this is
> standard behavior so I'm not sure what could be causing it.
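A check for the symptom discussed in this thread, as an added example that is not from either poster or from Samba: on Linux a new file takes the writer's primary group unless the parent directory is setgid, so the function compares the user's primary GID with the wanted group and the share directory's mode. The user `alice`, the GIDs and the lookup stand-ins are constructed; called with its defaults, `diagnose()` queries the real NSS databases through `pwd` and `grp`.

```python
import grp
import os
import pwd
import stat
from collections import namedtuple


def diagnose(user, group, share_dir, getpw=pwd.getpwnam, getgr=grp.getgrnam,
             getgrgid=grp.getgrgid, stat_fn=os.stat):
    """Explain which group a file written by `user` in `share_dir` will get."""
    try:
        pw, want = getpw(user), getgr(group)
    except KeyError as exc:
        # Name not resolvable through NSS: check nsswitch.conf / nss_ldap first.
        return [f"NSS lookup failed: {exc}"]
    try:
        primary = getgrgid(pw.pw_gid).gr_name
    except KeyError:
        primary = str(pw.pw_gid)  # gidNumber without a matching group entry
    findings = []
    if pw.pw_gid != want.gr_gid and user not in want.gr_mem:
        findings.append(f"{user} is not a member of {group!r}")
    st = stat_fn(share_dir)
    if st.st_mode & stat.S_ISGID and st.st_gid == want.gr_gid:
        findings.append(f"new files inherit {group!r} from the setgid directory")
    elif pw.pw_gid == want.gr_gid:
        findings.append(f"new files get {group!r}, the user's primary group")
    else:
        findings.append(f"new files get primary group {primary!r}, not {group!r}")
    return findings


# Constructed stand-ins for LDAP-backed NSS answers and the share directory.
Pw = namedtuple("Pw", "pw_name pw_gid")
Gr = namedtuple("Gr", "gr_name gr_gid gr_mem")
St = namedtuple("St", "st_mode st_gid")
USERS = {"alice": Pw("alice", 15001)}
GROUPS = {"alice": Gr("alice", 15001, []),
          "Domain Users": Gr("Domain Users", 513, ["alice"])}
BY_GID = {g.gr_gid: g for g in GROUPS.values()}


def demo(dir_mode, dir_gid):
    """Run diagnose() against the constructed data for one directory state."""
    return diagnose("alice", "Domain Users", "/data/public",
                    getpw=USERS.__getitem__, getgr=GROUPS.__getitem__,
                    getgrgid=BY_GID.__getitem__,
                    stat_fn=lambda path: St(dir_mode, dir_gid))
```

`demo(0o40775, 0)` models a plain directory and `demo(0o42775, 513)` a setgid directory owned by the wanted group.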