[Samba] Samba4 binding LDAP Server

Danilo Mussolini danilo at mdotti.com
Mon Jun 2 08:22:24 MDT 2014


No, for sure they aren't. This user and groups only exist in the LDAP
database.

Danilo Mussolini
danilo at mdotti.com
On Jun 2, 2014 10:04 AM, "Rowland Penny" <rowlandpenny at googlemail.com>
wrote:

> On 02/06/14 13:57, Danilo Mussolini wrote:
>
>> [root@Nemesis ~]# getfacl /u01/
>> getfacl: Removing leading '/' from absolute path names
>> # file: u01/
>> # owner: root
>> # group: o2pos
>> # flags: -s-
>> user::rwx
>> group::rwx
>> other::r-x
>>
>> After setfacl, it looks like this:
>>
>> [root@Nemesis ~]# getfacl /u01
>> getfacl: Removing leading '/' from absolute path names
>> # file: u01
>> # owner: root
>> # group: o2pos
>> # flags: -s-
>> user::rwx
>> group::rwx
>> group:o2pos:rw-
>> mask::rwx
>> other::r-x
>>
>> Still not working. Maybe there is a bug in Samba4 when taking users and
>> groups from an LDAP database.
>>
>> On Mon, Jun 2, 2014 at 8:57 AM, steve <steve at steve-ss.com> wrote:
>>
>>> On Sun, 2014-06-01 at 22:28 -0300, Danilo Mussolini wrote:
>>>
>>>> Yes, maybe I'm wrong naming that.
>>>> As Rowland said it is a standalone server which authenticates users
>>>> from LDAP.
>>>>
>>>> I have just noticed something in my tests with this file server. As
>>>> mentioned before, I have the following share:
>>>>
>>>> [Test]
>>>> comment = test
>>>> path = /u01
>>>> read only = no
>>>>
>>>> And /u01 folder has the following permissions:
>>>>
>>>> drwxrwsr-x    5   root    o2pos  4096 Jun  1 13:16     u01
>>>>
>>> What does:
>>> getfacl /u01
>>> look like?
>>>
>>>> I'm authenticating with the user mussolini (which is my name :)) from
>>>> the LDAP database:
>>>> [root@Nemesis ~]# id mussolini
>>>> uid=3001(mussolini) gid=3001(mussolini)
>>>> groups=3001(mussolini),3003(admins),3014(o2pos)
>>>>
>>>> The authentication is done and the share Test is mounted successfully,
>>>> but even with my user being a member of the "o2pos" group, I can't write in
>>>> this folder. So, if I change the group owner of the u01 folder to
>>>> "admins" (which also has my user as member) I can write files and
>>>> folders normally in the Test share. Curious, isn't it?
>>>>
>>>> Just to remember, this only happens in Samba4.
>>>>
>>> try:
>>> setfacl -R -m g:o2pos:rw /u01
>>>
>>> HTH
>>> Steve
>>>
> As we have found out that this is a standalone server with users &
> groups in LDAP and that users are connecting from other machines, can I ask
> what might be a stupid question, are the LDAP users and groups also local
> users & groups on the standalone server?
>
> Rowland
>
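
An added example, not part of the original messages: it evaluates the two getfacl listings quoted in this thread against the groups from the `id mussolini` output, using the POSIX ACL access-check order described in acl(5). The function names are hypothetical, and user and group names stand in for the numeric IDs the kernel compares.

```python
import re

# getfacl listings and `id` line quoted in the thread (header lines trimmed
# to the ones the check uses).
ACL_BEFORE = """# owner: root
# group: o2pos
user::rwx
group::rwx
other::r-x
"""
ACL_AFTER = """# owner: root
# group: o2pos
user::rwx
group::rwx
group:o2pos:rw-
mask::rwx
other::r-x
"""
ID_LINE = ("uid=3001(mussolini) gid=3001(mussolini) "
           "groups=3001(mussolini),3003(admins),3014(o2pos)")

def parse_id(line):
    """Return (user name, set of group names) from one line of `id` output."""
    names = re.findall(r"\d+\(([^)]+)\)", line)
    return names[0], set(names[1:])

def parse_getfacl(text):
    """Return (owner, owning group, [(tag, qualifier, perms)]) from getfacl text."""
    head, entries = {}, []
    for line in text.splitlines():
        m = re.match(r"# (owner|group): (\S+)", line)
        if m:
            head[m.group(1)] = m.group(2)
        m = re.match(r"(user|group|mask|other):([^:]*):([rwx-]{3})", line)
        if m:
            entries.append((m.group(1), m.group(2), set(m.group(3)) - {"-"}))
    return head["owner"], head["group"], entries

def allowed(acl_text, user, groups, want):
    """POSIX ACL access check: owner, named user, any matching group, other."""
    owner, fgroup, entries = parse_getfacl(acl_text)
    want = set(want)
    # Without a mask entry nothing is masked.
    mask = next((p for t, _, p in entries if t == "mask"), {"r", "w", "x"})
    if user == owner:
        return want <= next(p for t, q, p in entries if t == "user" and not q)
    for t, q, p in entries:
        if t == "user" and q == user:
            return want <= (p & mask)
    # "group::" (empty qualifier) refers to the file's owning group.
    hits = [p & mask for t, q, p in entries
            if t == "group" and (q or fgroup) in groups]
    if hits:
        return any(want <= p for p in hits)
    return want <= next(p for t, _, p in entries if t == "other")
```

With the group set from `id`, both listings grant write; the same check with o2pos absent from the set falls through to `other::r-x` and denies it.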

