Samba-3.6.5 "force group = domain\group" parameter results in group to faulty GID(always 1008)

jinyunshuai jinyunshuai at 126.com
Mon Oct 15 20:25:54 MDT 2012






At 2012-10-15 22:05:09,jinyunshuai <jinyunshuai at 126.com> wrote:




If use "force group = sag1" instead of "force group = asmb\sag1" can work
arround this issue.





At 2012-10-15 22:01:30,jinyunshuai <jinyunshuai at 126.com> wrote:
>
>auth methods = guest, sam, winbind, ntdomain
>    machine password timeout = 0
>    passdb backend = tdbsam:/etc/samba/private/passdb.tdb
>   idmap config * : backend  = tdb
>   idmap config * : range = 1000 - 200000000
>    idmap config * : base_tdb = 0
> 
> 
>thanks
>
>
>
>
>At 2012-10-15 18:59:42,"25Dollar Tech" <25dollartechhelp at gmail.com> wrote:
>
>What is the backend auth for samba
>
>
>On Mon, Oct 15, 2012 at 2:16 PM, jinyunshuai <jinyunshuai at 126.com> wrote:
>Hi list,
>
>I have a problem about  Samba-3.6.5 "force group = domain\group" parameter results in group to faulty GID(always 1008).
>the reproduce steps as:
>
>Note:sau1 is a normal AD user from asmb.test, but it is not a member of group
>"asmb\sag1", the machine joined to asmb.test domain. asmb\sag1'gid is 10001
>
>1>Edit smb.conf, then set "force group = asmb\sag1" for samba share named
>samba-test
>=====================================================================
>[samba-test]
>path = /samba-test
>public = yes
>force create mode = 0775
>force directory mode = 0775
>force group = asmb\sag1
>writable = yes
>=====================================================================
>
>2>Access samba share via "sau1",and create a directory named "test"
>=====================================================================
>[root at rhel57v3 samba]# smbclient -U sau1%password
>//server-ip/samba-test
>
>smb: \> mkdir test
>=====================================================================
>
>3>Go to "samba-test", check the directory' attribute which is created in
>step#3
>=====================================================================
>[root at rhel57v3 samba-test]# ls -al
>total 32
>drwxrwxrwx  4 root root 4096 Oct 11 13:43 .
>drwxr-xr-x 26 root root 4096 Oct 11 13:40 ..
>drwxrwxr-x  2 sac2 sag1 4096 Oct 11 13:43 samba
>drwxrwxr-x  2 sbu1 1008 4096 Oct 11 13:42 test  <-------This is unexpected,
>directory's group should be "sag1",not 1008.
>
>
>The relevant logs as:
>[2012/10/14 01:32:59.274669,  4] smbd/reply.c:794(reply_tcon_and_X)
>  Client requested device type [?????] for share [SAMBA-TEST]
>[2012/10/14 01:32:59.274738,  5] smbd/service.c:1321(make_connection)
>  making a connection to 'normal' service samba-test
>[2012/10/14 01:32:59.274792,  3] lib/access.c:338(allow_access)
>  Allowed connection from 10.100.60.34 (10.100.60.34)
>[2012/10/14 01:32:59.274842, 10] smbd/share_access.c:241(user_ok_token)
>  user_ok_token: share samba-test is ok for unix user ASMB\sau1
>[2012/10/14 01:32:59.275127,  5] lib/username.c:171(Get_Pwnam_alloc)
>  Finding user ASMB\sau1
>[2012/10/14 01:32:59.275198,  5] lib/username.c:116(Get_Pwnam_internals)
>  Trying _Get_Pwnam(), username as lowercase is asmb\sau1
>[2012/10/14 01:32:59.275246,  5] lib/username.c:149(Get_Pwnam_internals)
>  Get_Pwnam_internals did find user [ASMB\sau1]!
>[2012/10/14 01:32:59.275319, 10] passdb/lookup_sid.c:76(lookup_name)
>  lookup_name: asmb\sag1 => domain=[asmb], name=[sag1]
>[2012/10/14 01:32:59.275397, 10] passdb/lookup_sid.c:77(lookup_name)
>  lookup_name: flags = 0x077
>[2012/10/14 01:32:59.283457, 10] passdb/lookup_sid.c:1636(sid_to_gid)
>  sid S-1-5-21-389355910-562143428-3661938687-1110 -> gid 1008
><<<< to faulty GID, it should 10001
>
>
>[2012/10/14 01:32:59.283526,  3] smbd/service.c:581(find_forced_group)
>  Forced group asmb\sag1
>[2012/10/14 01:32:59.283578, 10] smbd/service.c:162(set_conn_connectpath)
>  set_conn_connectpath: service samba-test, connectpath = /samba-test
>[2012/10/14 01:32:59.283627,  3] smbd/service.c:837(make_connection_snum)
>  Connect path is '/samba-test' for service [samba-test]
>[2012/10/14 01:32:59.283688, 10]
>../libcli/security/access_check.c:58(se_map_generic)
>  se_map_generic(): mapped mask 0x10000000 to 0x001f01ff
>
>any tips will be very grateful .
>
>Thanks
>kingson.
>
>
>
>
>
>--
>
>Thanks & Regards,
>25dollarTech Team
>https://sites.google.com/site/25dollartech/
>Email: 25dollartechhelp at gmail.com
>
>





More information about the samba-technical mailing list