[Samba] Groups are not recognized any more
Gildas Bayard
gildas.bayard at hds.utc.fr
Wed May 6 12:39:07 GMT 2009
Hello,
I've just posted about a group management problem (mail was "Samba group
management understanding")
While waiting for an answer I updated samba to the last version I could
find for centos 4 which is 3.3.4.
Now group membership seems not to work anymore
I export this directory:
drwxrws--- 2 root mt23 4096 mai 6 12:34 test_smb
with this smb.conf extract:
[test]
path = /test_smb
writable = yes
valid users = @mt23
create mask = 0770
force group = mt23
then I try to access the "test" share from windows with user gbayard
which belongs to group mt23 (result of command id gbayard follows)
uid=1217(gbayard) gid=14(sysadmin)
groupes=14(sysadmin),2000(enseign),2015(mt23)
and I got the following in the logs:
[2009/05/06 13:56:50, 2] lib/smbldap.c:smbldap_open_connection(800)
smbldap_open_connection: connection opened
[2009/05/06 13:56:50, 2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
init_group_from_ldap: Entry found for group: 544
[2009/05/06 13:56:50, 2] lib/access.c:check_access(406)
Allowed connection from pcgbayard-gi-2.utc (172.17.131.11)
[2009/05/06 13:56:50, 2] auth/auth.c:check_ntlm_password(318)
check_ntlm_password: Authentication for user [Heudiasyc] ->
[Heudiasyc] FAILED with error NT_STATUS_NO_SUCH_USER
[2009/05/06 13:56:50, 2] auth/auth.c:check_ntlm_password(318)
check_ntlm_password: Authentication for user [Heudiasyc] ->
[Heudiasyc] FAILED with error NT_STATUS_NO_SUCH_USER
[2009/05/06 13:56:50, 2] auth/auth.c:check_ntlm_password(318)
check_ntlm_password: Authentication for user [Heudiasyc] ->
[Heudiasyc] FAILED with error NT_STATUS_NO_SUCH_USER
[2009/05/06 13:56:55, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
init_sam_from_ldap: Entry found for user: gbayard
[2009/05/06 13:56:55, 2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
init_group_from_ldap: Entry found for group: 14
[2009/05/06 13:56:55, 2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
init_group_from_ldap: Entry found for group: 14
[2009/05/06 13:56:55, 2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
init_group_from_ldap: Entry found for group: 2000
[2009/05/06 13:56:55, 2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
init_group_from_ldap: Entry found for group: 2015
[2009/05/06 13:56:55, 2] auth/auth.c:check_ntlm_password(308)
check_ntlm_password: authentication for user [gbayard] -> [gbayard]
-> [gbayard] succeeded
[2009/05/06 13:56:55, 2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
init_group_from_ldap: Entry found for group: 544
[2009/05/06 13:56:55, 2] lib/access.c:check_access(406)
Allowed connection from 172.17.131.11 (172.17.131.11)
[2009/05/06 13:56:55, 2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
init_group_from_ldap: Entry found for group: 2015
[2009/05/06 13:56:55, 2] smbd/service.c:create_connection_server_info(659)
user 'gbayard' (from session setup) not permitted to access this share
(test)
[2009/05/06 13:56:55, 0] smbd/service.c:make_connection_snum(740)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
So it seems like mt23 group membership is detected but access is denied
anyway.
Any hint?
Gildas
More information about the samba
mailing list