[Samba] 3.0.0 Beta 2: Supplementary group problem
Raj Mathur
raju at linux-delhi.org
Fri Jul 18 17:21:57 GMT 2003
Hi,
We're using Samba 3.0.0 beta2 with a Windows 2003 domain controller at
a client's site.
OS: Vanilla Red Hat Linux 8.0 on i686 (no patches or updates). Samba
compiled from source into RPM (makerpm.sh) and upgraded from version
2. --with-acl-support enabled.
Filesystem: SGI XFS (kernel 2.4.21) from CVS.
Using Winbind to provide ID mapping from Windows users and groups to
Unix users and groups. Enabled Winbind support in nsswitch.conf for
passwd, group and shadow.
NOT using LDAP.
Most things are working fine: getent enumerates the Windows users and
groups, authentication happens from the PDC, home directories work
fine.
Problems:
1. We have many Windows groups to which we need to grant access to all
members of the group. We're creating directories and shares for these
groups. However if a user with primary gid [not in group] and
supplementary gid of the group tries to write to these shares s/he's
denied access. Even after smbd switches its UID to that of the
correct user it only seems to have filesystem permissions of the
primary group, and no permissions that the supplementary groups would
give it.
2. Earlier we tried without the nsswitch mapping, by automatically
creating users, groups and directories whenever a user connected to
the Samba server for the first time. However we couldn't use
identical id maps for users and groups, and giving different id map
ranges for users and groups (e.g. 10000-20000 for users and
30000-40000 for groups) resulted in smbd repeatedly failing in trying
to resolve gid 0 to a group name.
3. The ACLs seem to work from time to time, but not always. Very
often we see POSIX ACLs set correctly on the filesystem, but smbd
still refuses to access/write the file. Can provide detailed logs if
anyone's interested.
Regards,
-- Raju
--
Raj Mathur raju at kandalaya.org http://kandalaya.org/
GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F
It is the mind that moves
More information about the samba
mailing list