Samba-3.6.5 "force group = domain\group" parameter results in group to faulty GID(always 1008)

jinyunshuai jinyunshuai at 126.com
Mon Oct 15 04:16:55 MDT 2012 

Hi list,
 
I have a problem about  Samba-3.6.5 "force group = domain\group" parameter results in group to faulty GID(always 1008).
the reproduce steps as:
 
Note:sau1 is a normal AD user from asmb.test, but it is not a member of group
"asmb\sag1", the machine joined to asmb.test domain. asmb\sag1'gid is 10001

1>Edit smb.conf, then set "force group = asmb\sag1" for samba share named
samba-test
=====================================================================
[samba-test]
path = /samba-test
public = yes
force create mode = 0775
force directory mode = 0775
force group = asmb\sag1
writable = yes
=====================================================================

2>Access samba share via "sau1",and create a directory named "test"
=====================================================================
[root at rhel57v3 samba]# smbclient -U sau1%password
//server-ip/samba-test

smb: \> mkdir test
=====================================================================

3>Go to "samba-test", check the directory' attribute which is created in
step#3
=====================================================================
[root at rhel57v3 samba-test]# ls -al
total 32
drwxrwxrwx  4 root root 4096 Oct 11 13:43 .
drwxr-xr-x 26 root root 4096 Oct 11 13:40 ..
drwxrwxr-x  2 sac2 sag1 4096 Oct 11 13:43 samba
drwxrwxr-x  2 sbu1 1008 4096 Oct 11 13:42 test  <-------This is unexpected,
directory's group should be "sag1",not 1008.
 
 
The relevant logs as:
[2012/10/14 01:32:59.274669,  4] smbd/reply.c:794(reply_tcon_and_X)
  Client requested device type [?????] for share [SAMBA-TEST]
[2012/10/14 01:32:59.274738,  5] smbd/service.c:1321(make_connection)
  making a connection to 'normal' service samba-test
[2012/10/14 01:32:59.274792,  3] lib/access.c:338(allow_access)
  Allowed connection from 10.100.60.34 (10.100.60.34)
[2012/10/14 01:32:59.274842, 10] smbd/share_access.c:241(user_ok_token)
  user_ok_token: share samba-test is ok for unix user ASMB\sau1
[2012/10/14 01:32:59.275127,  5] lib/username.c:171(Get_Pwnam_alloc)
  Finding user ASMB\sau1
[2012/10/14 01:32:59.275198,  5] lib/username.c:116(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as lowercase is asmb\sau1
[2012/10/14 01:32:59.275246,  5] lib/username.c:149(Get_Pwnam_internals)
  Get_Pwnam_internals did find user [ASMB\sau1]!
[2012/10/14 01:32:59.275319, 10] passdb/lookup_sid.c:76(lookup_name)
  lookup_name: asmb\sag1 => domain=[asmb], name=[sag1]
[2012/10/14 01:32:59.275397, 10] passdb/lookup_sid.c:77(lookup_name)
  lookup_name: flags = 0x077
[2012/10/14 01:32:59.283457, 10] passdb/lookup_sid.c:1636(sid_to_gid)
  sid S-1-5-21-389355910-562143428-3661938687-1110 -> gid 1008   
<<<< to faulty GID, it should 10001


[2012/10/14 01:32:59.283526,  3] smbd/service.c:581(find_forced_group)
  Forced group asmb\sag1
[2012/10/14 01:32:59.283578, 10] smbd/service.c:162(set_conn_connectpath)
  set_conn_connectpath: service samba-test, connectpath = /samba-test
[2012/10/14 01:32:59.283627,  3] smbd/service.c:837(make_connection_snum)
  Connect path is '/samba-test' for service [samba-test]
[2012/10/14 01:32:59.283688, 10]
../libcli/security/access_check.c:58(se_map_generic)
  se_map_generic(): mapped mask 0x10000000 to 0x001f01ff

any tips will be very grateful .
 
Thanks
kingson.

More information about the samba-technical mailing list