[Samba] ACL group permissions only work on primary group (RickSegeberg)

Rick Segeberg rick.segeberg at waterford.org
Tue Apr 15 17:06:32 GMT 2003


I appreciate your response and I tried your solution.  However, it does not seem to help.

I am using MS Active Directory on a Windows 2000 server for the authentication and rights for the users.  I realize AD is based on LDAP, but it's been changed to suit Microsoft's needs - meaning it's not "pure ldap".

Based on what you said, I made sure to create a user and a few groups which had no spaces or capital letters in the names.  The user is still only able to access directories in which he is a primary user.  I do not know of a way (although I'm sure one exists) to directly edit the "memberUid=" field in AD - but if I created the user using an all lower case name, then it should be all lower-case.

Thanks again - if you have any other ideas, I'd be happy to hear them.
 
Rick Segeberg
Provo Site Manager, IT Department
The Waterford Institute
rick.segeberg at waterford.org


-----Original Message-----
From: Wolfgang Büch [mailto:buech at uni-hamburg.de] 
Sent: Tuesday, April 15, 2003 1:33 AM
To: samba at lists.samba.org
Subject: [Samba] ACL group permissions only work on primary group (RickSegeberg)


We faced the same problem: Samba not recognizing secondary groups of an
individual user. The reason is the handling of small and capital letters of
the user uid between samba and ldap.
Ldap for example has the following person and group:
uid=Thomas,dc=...,dc=...,dc=de
cn=group1,ou=groups,dc=...,dc=...,dc=de

Group1 has the attribute "memberUid=Thomas"; this means "Thomas" is member
of "group1" ; he has a secondary Group Membership for "group1".

Normally any share, which has the underlying unix permission for this
secondary group set to rwx, should grant the access permission to that
share for "Thomas". But it doesn't work.

Examining the syslog (ldap) we found that samba is searching for
memberUid=thomas in small letters.

If you change

"uid=Thomas,dc=...,dc=...,dc=de"

to

"uid=thomas,dc=...,dc=...,dc=de"

It should work!

Wolfgang




Wolfgang Büch
Unix and Windows System Administration
Universität Hamburg
Regionales Rechenzentrum
Gruppe Virtuelle Campus Bibliothek - VCB
Schlüterstrasse 70
D-20146 Hamburg
Tel.: (+40) 42838-3094
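
Added example, not part of the original thread or of Samba: a small audit of an LDIF export that lists the memberUid values a lower-cased lookup such as the memberUid=thomas search reported above would miss. It assumes the directory compares memberUid case-exactly (as the RFC 2307 schema defines it); the sample LDIF, its dc=example,dc=de suffix and the function names are constructed for illustration.

```python
# Constructed sample LDIF modelled on the entries in the thread; the
# dc=example,dc=de suffix and the anna/group2 entries are assumptions.
SAMPLE_LDIF = """\
dn: uid=Thomas,dc=example,dc=de
uid: Thomas

dn: uid=anna,dc=example,dc=de
uid: anna

dn: cn=group1,ou=groups,dc=example,dc=de
cn: group1
memberUid: Thomas
memberUid: anna

dn: cn=group2,ou=groups,dc=example,dc=de
cn: group2
memberUid: thomas
"""

def parse_ldif(text):
    """Return one dict per entry: lower-cased attribute name -> list of values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # comments and folded lines are out of scope here
            attr, value = line.split(": ", 1)
            entry.setdefault(attr.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def missed_by_lowercase_search(entries):
    """(group, memberUid) pairs that an exact match on the lower-cased name misses."""
    findings = []
    for entry in entries:
        group = entry.get("cn", ["<no cn>"])[0]
        for member in entry.get("memberuid", []):
            if member != member.lower():
                findings.append((group, member))
    return findings

def groups_found_for(entries, username):
    """Simulate the case-exact filter (memberUid=<lower-cased username>)."""
    wanted = username.lower()
    return sorted(e.get("cn", ["<no cn>"])[0] for e in entries
                  if wanted in e.get("memberuid", []))
```

Every pair returned by missed_by_lowercase_search is a secondary group membership that exists in the directory but would not be applied, so file permissions granted through that group silently do not take effect.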

