samba & unix group permissions problems
in [Samba]
|
From: Mariano Absatz on 4 Nov 2009 06:50 Paul te Bokkel escribió el 04/11/09 06:47: > Sounds like your nsswitch.conf to me, perhaps in combination with your > ID backend. Check the output of: > getent passwd <accountname> > > It should list any LDAP account, with the groups you have added them to.. > Well... "getent passwd mary" yelds just the "passwd" entry, something like: mary:*:100036:100000:Mary James:/home/DOMAIN/mary:/bin/bash nothing further than the primary Mary's group (100000). However "getent group accountatns" does include mary: accountants:*:97019:mary,patricia My nsswitch.conf looks like this: ########### nsswitch.conf ############### passwd: files ldap [NOTFOUND=return] db group: files ldap [NOTFOUND=return] db shadow: files ldap hosts: files dns wins networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis ########### nsswitch.conf ############### and the ID backend parts of my smb.conf look like this: ################## smb.conf ################## ################################################################################## # IDENTINTY MAPPING between windows and unix (SID <==> UID/GID) # WINBIND ################################################################################## # http://samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html ################################################################################## idmap backend = ldap:ldap://ldap0.i.domain.org # http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPUID idmap uid = 90000-99999 # http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPGID idmap gid = 90000-99999 # ALL relevant UID/GID are stored in LDAP # http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#LDAPSAM:TRUSTED ldapsam:trusted = yes # Manage users directly on LDAP # http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#LDAPSAM:EDITPOSIX ldapsam:editposix = yes # http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPCONFIG # http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPBACKEND idmap config DOMAIN:backend = ldap idmap config DOMAIN:ldap_url = ldap://ldap0.i.domain.org idmap config DOMAIN:ldap_user_dn = cn=admin,cn=config idmap config DOMAIN:ldap_base_dn = ou=idmap,o=domain idmap config DOMAIN:readonly = no #idmap config DOMAIN:default = yes #idmap config DOMAIN:range = 100000-500000 ################## smb.conf ################## I'm using samba 3.3.2 from the standard Ubuntu 9.04 packages (3.3.2-1ubuntu3.2), except that I rebuilt the ubuntu winbind package because the idmap ldap.so module is not included in it (see https://bugs.launchpad.net/ubuntu/+source/samba/+bug/397203). -- Mariano Absatz - "El Baby" el.baby(a)gmail.com www.clueless.com.ar -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Clarke's Third Law: Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke, 1973 English physicist & science fiction author (1917 - 2008) -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- * TagZilla 0.066 * http://tagzilla.mozdev.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Mariano Absatz on 6 Nov 2009 17:10 Any hints, anyone?... On Wed, Nov 4, 2009 at 08:47, Mariano Absatz <el.baby(a)gmail.com> wrote: > Paul te Bokkel escribió el 04/11/09 06:47: >> >> Sounds like your nsswitch.conf to me, perhaps in combination with your ID >> backend. Check the output of: >> getent passwd <accountname> >> >> It should list any LDAP account, with the groups you have added them to.. >> > Well... > > "getent passwd mary" yelds just the "passwd" entry, something like: > > mary:*:100036:100000:Mary James:/home/DOMAIN/mary:/bin/bash > > nothing further than the primary Mary's group (100000). > > However "getent group accountatns" does include mary: > > accountants:*:97019:mary,patricia > > My nsswitch.conf looks like this: > > ########### nsswitch.conf ############### > passwd: files ldap [NOTFOUND=return] db > group: files ldap [NOTFOUND=return] db > shadow: files ldap > > hosts: files dns wins > networks: files > > protocols: db files > services: db files > ethers: db files > rpc: db files > > netgroup: nis > ########### nsswitch.conf ############### > > > > and the ID backend parts of my smb.conf look like this: > > ################## smb.conf ################## > ################################################################################## > # IDENTINTY MAPPING between windows and unix (SID <==> UID/GID) > # WINBIND > ################################################################################## > # http://samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html > ################################################################################## > > idmap backend = ldap:ldap://ldap0.i.domain.org > > # http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPUID > idmap uid = 90000-99999 > # http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPGID > idmap gid = 90000-99999 > > # ALL relevant UID/GID are stored in LDAP > # http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#LDAPSAM:TRUSTED > ldapsam:trusted = yes > # Manage users directly on LDAP > # > http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#LDAPSAM:EDITPOSIX > ldapsam:editposix = yes > > # http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPCONFIG > # http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPBACKEND > idmap config DOMAIN:backend = ldap > idmap config DOMAIN:ldap_url = ldap://ldap0.i.domain.org > idmap config DOMAIN:ldap_user_dn = cn=admin,cn=config > idmap config DOMAIN:ldap_base_dn = ou=idmap,o=domain > idmap config DOMAIN:readonly = no > #idmap config DOMAIN:default = yes > #idmap config DOMAIN:range = 100000-500000 > ################## smb.conf ################## > > > I'm using samba 3.3.2 from the standard Ubuntu 9.04 packages > (3.3.2-1ubuntu3.2), except that I rebuilt the ubuntu winbind package because > the idmap ldap.so module is not included in it (see > https://bugs.launchpad.net/ubuntu/+source/samba/+bug/397203). > > > > > -- > Mariano Absatz - "El Baby" > el.baby(a)gmail.com > www.clueless.com.ar > > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > Clarke's Third Law: Any sufficiently advanced technology is > indistinguishable from magic. > Arthur C. Clarke, 1973 > English physicist & science fiction author (1917 - 2008) > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > * TagZilla 0.066 * http://tagzilla.mozdev.org > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- Mariano Absatz - El Baby www.clueless.com.ar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Mariano Absatz on 7 Nov 2009 15:30 On Sat, Nov 7, 2009 at 07:32, vishesh kumar <linuxtovishesh(a)gmail.com> wrote: > Dear mariano > > Why you not using 'force group' parameter . This will set group owner of > newly created folder correctly. That I tried to no avail... it didn't work either :-( -- Mariano Absatz - El Baby www.clueless.com.ar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Mariano Absatz on 2 Dec 2009 15:00 On Sat, Nov 7, 2009 at 17:21, Mariano Absatz <el.baby(a)gmail.com> wrote: > On Sat, Nov 7, 2009 at 07:32, vishesh kumar <linuxtovishesh(a)gmail.com> wrote: >> Dear mariano >> >> Why you not using 'force group' parameter . This will set group owner of >> newly created folder correctly. > That I tried to no avail... it didn't work either :-( Hi... I'm sorry I didn't follow this up on time... I did eventually solve it and wanted to share what the problem was. The problem was that the uidNumber of the users involved, as they had been created 'before samba', I had left them out of the idmap range and somehow samba was either trying to generate new unix user id's or something. Widening the idmap range to cover the already created uidNumber's solved the problem. -- Mariano Absatz - El Baby www.clueless.com.ar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
|
Pages: 1 Prev: [Samba] samba & unix group permissions problems Next: Can't compile 3.4.0 Binary on solarisx86 |