Samba-3.6.5 "force group = domain\group" parameter results in group to faulty GID(always 1008)

25Dollar Tech 25dollartechhelp at gmail.com
Mon Oct 15 04:59:42 MDT 2012


What is the backend auth for samba

On Mon, Oct 15, 2012 at 2:16 PM, jinyunshuai <jinyunshuai at 126.com> wrote:

> Hi list,
>
> I have a problem about  Samba-3.6.5 "force group = domain\group" parameter
> results in group to faulty GID(always 1008).
> the reproduce steps as:
>
> Note:sau1 is a normal AD user from asmb.test, but it is not a member of
> group
> "asmb\sag1", the machine joined to asmb.test domain. asmb\sag1'gid is 10001
>
> 1>Edit smb.conf, then set "force group = asmb\sag1" for samba share named
> samba-test
> =====================================================================
> [samba-test]
> path = /samba-test
> public = yes
> force create mode = 0775
> force directory mode = 0775
> force group = asmb\sag1
> writable = yes
> =====================================================================
>
> 2>Access samba share via "sau1",and create a directory named "test"
> =====================================================================
> [root at rhel57v3 samba]# smbclient -U sau1%password
> //server-ip/samba-test
>
> smb: \> mkdir test
> =====================================================================
>
> 3>Go to "samba-test", check the directory' attribute which is created in
> step#3
> =====================================================================
> [root at rhel57v3 samba-test]# ls -al
> total 32
> drwxrwxrwx  4 root root 4096 Oct 11 13:43 .
> drwxr-xr-x 26 root root 4096 Oct 11 13:40 ..
> drwxrwxr-x  2 sac2 sag1 4096 Oct 11 13:43 samba
> drwxrwxr-x  2 sbu1 1008 4096 Oct 11 13:42 test  <-------This is unexpected,
> directory's group should be "sag1",not 1008.
>
>
> The relevant logs as:
> [2012/10/14 01:32:59.274669,  4] smbd/reply.c:794(reply_tcon_and_X)
>   Client requested device type [?????] for share [SAMBA-TEST]
> [2012/10/14 01:32:59.274738,  5] smbd/service.c:1321(make_connection)
>   making a connection to 'normal' service samba-test
> [2012/10/14 01:32:59.274792,  3] lib/access.c:338(allow_access)
>   Allowed connection from 10.100.60.34 (10.100.60.34)
> [2012/10/14 01:32:59.274842, 10] smbd/share_access.c:241(user_ok_token)
>   user_ok_token: share samba-test is ok for unix user ASMB\sau1
> [2012/10/14 01:32:59.275127,  5] lib/username.c:171(Get_Pwnam_alloc)
>   Finding user ASMB\sau1
> [2012/10/14 01:32:59.275198,  5] lib/username.c:116(Get_Pwnam_internals)
>   Trying _Get_Pwnam(), username as lowercase is asmb\sau1
> [2012/10/14 01:32:59.275246,  5] lib/username.c:149(Get_Pwnam_internals)
>   Get_Pwnam_internals did find user [ASMB\sau1]!
> [2012/10/14 01:32:59.275319, 10] passdb/lookup_sid.c:76(lookup_name)
>   lookup_name: asmb\sag1 => domain=[asmb], name=[sag1]
> [2012/10/14 01:32:59.275397, 10] passdb/lookup_sid.c:77(lookup_name)
>   lookup_name: flags = 0x077
> [2012/10/14 01:32:59.283457, 10] passdb/lookup_sid.c:1636(sid_to_gid)
>   sid S-1-5-21-389355910-562143428-3661938687-1110 -> gid 1008
> <<<< to faulty GID, it should 10001
>
>
> [2012/10/14 01:32:59.283526,  3] smbd/service.c:581(find_forced_group)
>   Forced group asmb\sag1
> [2012/10/14 01:32:59.283578, 10] smbd/service.c:162(set_conn_connectpath)
>   set_conn_connectpath: service samba-test, connectpath = /samba-test
> [2012/10/14 01:32:59.283627,  3] smbd/service.c:837(make_connection_snum)
>   Connect path is '/samba-test' for service [samba-test]
> [2012/10/14 01:32:59.283688, 10]
> ../libcli/security/access_check.c:58(se_map_generic)
>   se_map_generic(): mapped mask 0x10000000 to 0x001f01ff
>
> any tips will be very grateful .
>
> Thanks
> kingson.
>
>


-- 
*Thanks & Regards,
25dollarTech Team
https://sites.google.com/site/25dollartech/*
*Email: 25dollartechhelp at gmail.com*


More information about the samba-technical mailing list