manuel at varxec.de
Fri Nov 24 01:48:22 GMT 2000
On Thu, Nov 23, 2000 at 05:13:06PM +0100, robert.gehr at web2cad.de wrote:
> I just set up a LDAP server for user and group management. From the OS
> level this works fine and all group permissions etc. are working just the
> way they ought to.
> The idea was (and still is) to use the LDAP server as a repository for each
> Samba server. I set up the /etc/nsswitch.conf file on each Samba server
> accordingly and when I connect from a Win$ box I can log into a samba share
> and the existence of the Unix account is checked against LDAP.
I have a very similar setup (testing phase right now, hopefully going
live next week :)
> I tried the following.
> User: Member of Group:
> john sales, marketing, all
> jack sales, all
> fred all
> the default (primary) group for all users is group "all"
> I defined a share "testing" on Samba saying "valid users = +sales" and
> behold only john and jack are able to connect.
> I redifined the share to "valid users = +all" and john,jack,and fred can
> I created a directory under testing named "budget" and did a "chown
> fred:sales and a chmod 770 for that thing"
> As root I do a "su john" changed into budget and created a file without a
what were the usr/group and access rights of this file when you created it
on Unix ?
correct me if i am wrong, but if a user creates a file, the group is always
the users primary group.
> >From Windows I tried to create a directory as user john under budget and
> get "no permission"
> I define a "force group = sales" for that share and it works.
i use force group on most of my shares (thats the reason why the
"force group" parameter exists)
> Now this isn't of much use, of no use at all to be true so I put all the
whats the problem with "force groups" ?
> information from the Ldap server into /etc/passwd /etc/group
> adjusted /etc/nsswitch turned the Ldap server off and everything worked as
> Why is the LDAP server in conjunction with samba always comming along with
> the default group ID not checking whether the user belongs to any other
> groups that would permit the requested action as it is on the OS level or
> when using the /etc files ???
> Strangely enough it must be checking for additional groups in the first
> place for when I connect to the share being defined as "valid users =
> +sales" the connect succeeds and I can mount the thing.
> If I could get this solved that would make it ready to go.
.-. | Manuel Bessler
/v\ L I N U X | <manuel at varxec.de>, <m.bessler at gmx.net>
// \\ >Phear the Penguin< |
/( )\ | Debian/GNU Linux user
GPG Fingerprint: 278D 2DC2 8A3E 9AEE 98F1 71D2 B224 68D1 1240 28BC
More information about the samba