[Samba] samba & unix group permissions problems

Mariano Absatz el.baby at gmail.com
Wed Nov 4 04:47:44 MST 2009


Paul te Bokkel wrote on 04/11/09 06:47:
> Sounds like your nsswitch.conf to me, perhaps in combination with your 
> ID backend. Check the output of:
> getent passwd <accountname>
>
> It should list any LDAP account, with the groups you have added them to.
>
Well...

"getent passwd mary" yields just the "passwd" entry, something like:

mary:*:100036:100000:Mary James:/home/DOMAIN/mary:/bin/bash

nothing further than Mary's primary group (100000).

However "getent group accountants" does include mary:

accountants:*:97019:mary,patricia

My nsswitch.conf looks like this:

########### nsswitch.conf ###############
passwd:         files ldap [NOTFOUND=return] db
group:          files ldap [NOTFOUND=return] db
shadow:         files ldap

hosts:          files dns wins
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
########### nsswitch.conf ###############



and the ID backend parts of my smb.conf look like this:

################## smb.conf ##################
##################################################################################
# IDENTITY MAPPING between windows and unix (SID <==> UID/GID)
# WINBIND
##################################################################################
# http://samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html
##################################################################################

idmap backend = ldap:ldap://ldap0.i.domain.org

# http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPUID
idmap uid = 90000-99999
# http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPGID
idmap gid = 90000-99999

# ALL relevant UID/GID are stored in LDAP
# http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#LDAPSAM:TRUSTED
ldapsam:trusted = yes
# Manage users directly on LDAP
# http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#LDAPSAM:EDITPOSIX
ldapsam:editposix = yes

# http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPCONFIG
# http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPBACKEND
idmap config DOMAIN:backend = ldap
idmap config DOMAIN:ldap_url = ldap://ldap0.i.domain.org
idmap config DOMAIN:ldap_user_dn = cn=admin,cn=config
idmap config DOMAIN:ldap_base_dn = ou=idmap,o=domain
idmap config DOMAIN:readonly = no
#idmap config DOMAIN:default = yes
#idmap config DOMAIN:range = 100000-500000
################## smb.conf ##################


I'm using samba 3.3.2 from the standard Ubuntu 9.04 packages 
(3.3.2-1ubuntu3.2), except that I rebuilt the ubuntu winbind package 
because the idmap ldap.so module is not included in it (see 
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/397203).




-- 
Mariano Absatz - "El Baby"
el.baby at gmail.com
www.clueless.com.ar


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Clarke's Third Law: Any sufficiently advanced technology is
indistinguishable from magic.
  Arthur C. Clarke, 1973
  English physicist & science fiction author (1917 - 2008)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
* TagZilla 0.066 * http://tagzilla.mozdev.org
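
Added example, not part of the original message: a passwd entry carries only the primary GID in field 4, so a user's supplementary groups have to be derived from the member lists in the group database, which is what this sketch does with getent-format data. The `mary` and `accountants` lines are the ones quoted in the message; the `domusers` and `managers` entries and the `groups_for` helper are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data in getent(1) output format. The mary and accountants
# lines come from the message; "domusers" and "managers" are assumptions.
SAMPLE_PASSWD='mary:*:100036:100000:Mary James:/home/DOMAIN/mary:/bin/bash'
SAMPLE_GROUP='domusers:*:100000:
accountants:*:97019:mary,patricia
managers:*:97020:patricia'

# groups_for USER PASSWD_LINES GROUP_LINES
# Prints the group names of USER, primary group first, one per line.
# Returns non-zero when USER has no passwd entry in PASSWD_LINES.
groups_for() {
    user=$1
    printf '%s\n---\n%s\n' "$2" "$3" | awk -F: -v user="$user" '
        $0 == "---" { in_group = 1; next }
        # passwd section: field 4 holds the primary GID and nothing else
        !in_group && $1 == user { pgid = $4; next }
        in_group {
            # the primary group is matched by GID, not by member list
            if ($3 == pgid) { primary = $1; next }
            # supplementary groups: USER appears in the member list (field 4)
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] == user) supp[++count] = $1
        }
        END {
            if (pgid == "") exit 1
            # fall back to the numeric GID when no group entry resolves it
            print (primary != "" ? primary : pgid)
            for (i = 1; i <= count; i++) print supp[i]
        }'
}

# On a live system the same check would be fed from NSS, for comparison
# with what "id -Gn mary" reports:
#   groups_for mary "$(getent passwd mary)" "$(getent group)"
```

If the list computed from `getent` data and the output of `id -Gn` for the same user disagree, the NSS group lookup rather than the passwd lookup is the place to keep looking.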



