[Samba] Groups are not recognized any more

Gildas Bayard gildas.bayard at hds.utc.fr
Wed May 6 12:39:07 GMT 2009 

Hello,
I've just posted about a group management problem (mail was "Samba group 
management understanding")
While waiting for an answer I updated samba to the last version I could 
find for centos 4 which is 3.3.4.

Now group membership seems not to work anymore
I export this directory:
drwxrws---    2 root mt23   4096 mai  6 12:34 test_smb

with this smb.conf extract:
[test]
   path = /test_smb
   writable = yes
   valid users = @mt23
   create mask = 0770
   force group = mt23

then I try to access the "test" share from windows with user gbayard 
which belongs to group mt23 (result of command id gbayard follows)
uid=1217(gbayard) gid=14(sysadmin) 
groupes=14(sysadmin),2000(enseign),2015(mt23)

and I got the following in the logs:
[2009/05/06 13:56:50,  2] lib/smbldap.c:smbldap_open_connection(800)
  smbldap_open_connection: connection opened
[2009/05/06 13:56:50,  2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
  init_group_from_ldap: Entry found for group: 544
[2009/05/06 13:56:50,  2] lib/access.c:check_access(406)
  Allowed connection from pcgbayard-gi-2.utc (172.17.131.11)
[2009/05/06 13:56:50,  2] auth/auth.c:check_ntlm_password(318)
  check_ntlm_password:  Authentication for user [Heudiasyc] -> 
[Heudiasyc] FAILED with error NT_STATUS_NO_SUCH_USER
[2009/05/06 13:56:50,  2] auth/auth.c:check_ntlm_password(318)
  check_ntlm_password:  Authentication for user [Heudiasyc] -> 
[Heudiasyc] FAILED with error NT_STATUS_NO_SUCH_USER
[2009/05/06 13:56:50,  2] auth/auth.c:check_ntlm_password(318)
  check_ntlm_password:  Authentication for user [Heudiasyc] -> 
[Heudiasyc] FAILED with error NT_STATUS_NO_SUCH_USER
[2009/05/06 13:56:55,  2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
  init_sam_from_ldap: Entry found for user: gbayard
[2009/05/06 13:56:55,  2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
  init_group_from_ldap: Entry found for group: 14
[2009/05/06 13:56:55,  2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
  init_group_from_ldap: Entry found for group: 14
[2009/05/06 13:56:55,  2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
  init_group_from_ldap: Entry found for group: 2000
[2009/05/06 13:56:55,  2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
  init_group_from_ldap: Entry found for group: 2015
[2009/05/06 13:56:55,  2] auth/auth.c:check_ntlm_password(308)
  check_ntlm_password:  authentication for user [gbayard] -> [gbayard] 
-> [gbayard] succeeded
[2009/05/06 13:56:55,  2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
  init_group_from_ldap: Entry found for group: 544
[2009/05/06 13:56:55,  2] lib/access.c:check_access(406)
  Allowed connection from 172.17.131.11 (172.17.131.11)
[2009/05/06 13:56:55,  2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
  init_group_from_ldap: Entry found for group: 2015
[2009/05/06 13:56:55,  2] smbd/service.c:create_connection_server_info(659)
  user 'gbayard' (from session setup) not permitted to access this share 
(test)
[2009/05/06 13:56:55,  0] smbd/service.c:make_connection_snum(740)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED

So it seems like mt23 group membership is detected but access is denied 
anyway.
Any hint?

Gildas

More information about the samba mailing list