[Samba] Bug in "force group" parameter, or group membership checking?

Wim Bakker koreander at planet.nl
Sat Apr 17 19:26:40 GMT 2004

On Saturday 17 April 2004 20:21, Wim Bakker wrote:
> So I take it that there is no checking whether a user that tries to
> connect to a share is , besides it's default group, the user connects
> with, allso member of the group that is auhorized to connect to
> that share, in this case being the group exact, so I have to set
> force group = exact , so a user that connects to that share,
> connects with default group exact , and is allowed to access the
> share and do it's thing. But apparently there is no checking whether
> that user is actually a member of that group , because when I connect
> as a completely different user, not at all listed in the group exact as a
> member , I get full access allso. Now I add the parameter :
> valid users = @exact
Wrong , it is being checked but what is being checked?
Output from log:
[2004/04/17 21:08:35, 2] lib/access.c:check_access(324)
  Allowed connection from  (
[2004/04/17 21:08:35, 10] lib/username.c:user_in_list(521)
  user_in_list: checking user gerrit in list
[2004/04/17 21:08:35, 10] lib/username.c:user_in_list(525)
  user_in_list: checking user |gerrit| against |@exact|
[2004/04/17 21:08:35, 5] lib/username.c:user_in_netgroup_list(310)
  Unable to get default yp domain
[2004/04/17 21:08:35, 2] smbd/service.c:make_connection_snum(391)
  user 'gerrit' (from session setup) not permitted to access this share 
[2004/04/17 21:08:35, 3] smbd/error.c:error_packet(134)

What is this "Unable to get default yp domain" doing?

Wim Bakker

More information about the samba mailing list