[Samba] Bug in "force group" parameter, or group membership checking?

Wim Bakker koreander at planet.nl
Sat Apr 17 20:14:06 GMT 2004


On Saturday 17 April 2004 21:26, Wim Bakker wrote:
> On Saturday 17 April 2004 20:21, Wim Bakker wrote:
> > So I take it that there is no checking whether a user that tries to
> > connect to a share is , besides it's default group, the user connects
> > with, allso member of the group that is auhorized to connect to
> > that share, in this case being the group exact, so I have to set
> > force group = exact , so a user that connects to that share,
> > connects with default group exact , and is allowed to access the
> > share and do it's thing. But apparently there is no checking whether
> > that user is actually a member of that group , because when I connect
> > as a completely different user, not at all listed in the group exact as a
> > member , I get full access allso. Now I add the parameter :
> > valid users = @exact
>
> Wrong , it is being checked but what is being checked?
> Output from log:
> [2004/04/17 21:08:35, 2] lib/access.c:check_access(324)
>   Allowed connection from  (10.0.0.10)
> [2004/04/17 21:08:35, 10] lib/username.c:user_in_list(521)
>   user_in_list: checking user gerrit in list
> [2004/04/17 21:08:35, 10] lib/username.c:user_in_list(525)
>   user_in_list: checking user |gerrit| against |@exact|
> [2004/04/17 21:08:35, 5] lib/username.c:user_in_netgroup_list(310)
>   Unable to get default yp domain
> [2004/04/17 21:08:35, 2] smbd/service.c:make_connection_snum(391)
>   user 'gerrit' (from session setup) not permitted to access this share
> (exact)
> [2004/04/17 21:08:35, 3] smbd/error.c:error_packet(134)
>
> What is this "Unable to get default yp domain" doing?

Problem was in the nsswitch.conf:
entry:
nss_base_group  dc=ahm,dc=nl?one
should have been:
nss_base_group  dc=ahm,dc=nl?sub

Thanx
WB



More information about the samba mailing list