[Samba] Not using AD group when writing file

Rowland Penny rowlandpenny at googlemail.com
Tue Dec 16 14:58:55 MST 2014


On 16/12/14 21:18, Carl Carpenter wrote:
> On 16/12/14 20:47, Carl Carpenter wrote:
>
> On 16/12/14 17:35, Carl Carpenter wrote:
>
> Forgot to mention that the permissions are also incorrect.  They are
> supposed to be 775 but come out as 744.
>
> Carl Carpenter
> Director, Information Services
> Hill Country MHDD Centers
> (830)258-5414 or ext. 2038
>
>
> On 12/11/2014 4:13 PM, Carl Carpenter wrote:
>
> Per your request
>
>      [global]
>            workgroup = HCCMHMRC
>            realm = HILLCOUNTRY.LOCAL
>            server string = Samba Server Version %v
>            security = ADS
>            log file = /var/log/samba/log.%m
>            max log size = 50
>            wins server = 192.168.0.7
>            default service = global
>            template homedir = /home/HCCMHMRC
>            template shell = /bin/bash
>            winbind enum users = Yes
>            winbind enum groups = Yes
>            winbind use default domain = Yes
>            idmap config * : range = 16777216-33554431
>            idmap config * : backend = tdb
>            cups options = raw
>
> [Intranet]
>            path = /home/Intranet
>            valid users = @intranet
>            read only = No
>
> Not sure what you mean by ACL on the folder but here's this:
>
> drwxrwxr-x   6 apache intranet 4096 Dec 10 14:34 Intranet
>
> Carl Carpenter
> Director, Information Services
> Hill Country MHDD Centers
> (830)258-5414 or ext. 2038
>
>
> On 12/11/2014 3:50 PM, Marc Muehlfeld wrote:
>
> Hello Carl,
>
> Am 11.12.2014 um 22:18 schrieb Carl Carpenter:
>
> Trying to get Samba configured correctly.  Am using Active Directory for
> authentication and that seems to be working correctly.  When creating a
> Share, Security and Access Control list the AD users and groups.  If I take
> my name out of the AD group, can't access the share.  Put my name in the
> group and I can access it.  However, when I write a file to the folder,
> while it shows my username, it shows domain users as the group instead of
> the group name.  I had this working on Centos 6.6 and am using the same
> instructions this time.  I'm sure I'm missing a setting somewhere but don't
> know what.  Haven't been able to find anything on the web that addresses
> it.  Any assistance will be appreciated.
>
> Can you please show us your smb.conf [global] and the share config? And
> also please the ACLs on this folder.
>
>
> Regards,
> Marc
>
>
>
> Hi, Are you using sssd as well ? otherwise there doesn't seem to be
> anything to get the user & group ID numbers.
>
> Also, to get the ACL's run this command:
>
> getfacl /home/Intranet
>
> Rowland
>
> =================================================
> No, I'm not using sssd.  I used authconfig to set up the initial
> authentication configuration.  Followed exactly the same steps I used for
> Centos 6/Samba 3.x and it worked perfectly.
>
> getfacl /home/Intranet
> getfacl: Removing leading '/' from absolute path names
> # file: home/Intranet
> # owner: apache
> # group: intranet
> user::rwx
> group::rwx
> other::r-x
>
>
>
> I think that you may be using sssd, but anyway, does 'getent <a domain
> user>' show anything.
>
> Rowland
>
> =============================================
> # getent apacheldap
> Unknown database: apacheldap
> Try `getent --help' or `getent --usage' for more information.
>
>
>
oops :-[

'getent passwd <a domain user>'

Rowland



More information about the samba mailing list