[Samba] Problem Mappig Groups to shares

William Marques wmarques at vmlinuz.com.br
Mon Aug 29 14:32:31 GMT 2005 

Kevin Brouelette escreveu:

>Try=20
>
>valid users =3D @grupoteste
>
>I think the + is what is breaking this.
>See 'man smb.conf' for the correct syntax of all samba directives.
>Be sure to run 'testparm' for syntax check etc.
>
>Kevin B
>
>
>
>On Fri, 2005-08-26 at 19:46 -0300, William Marques wrote:
> =20
>
>>Hi list,
>>
>>I have a problem here that's make me insane...
>>I have to make a share only available to persons in a group, it means=20
>>that the directory have to be 0770 permission o Linux, right?
>>Here is my situation:
>>I use samba with LDAP, and everithing is working fine.
>>With smbldap-tools, I created the group and with <net groupmap list>
>>I see that it maps rigth to Unix Group:
>>
>>grupoteste (S-1-5-21-980314579-3254781846-1046201792-3071) -> grupotest=
e
>>
>>I putt all the people who should have acces to the share inside the=20
>>group, as I can see with smbldap-groupshow grupoteste:
>>
>>dn: cn=3Dgrupoteste,ou=3DGroups,dc=3Dfeam,dc=3Dbr
>>objectClass: posixGroup,sambaGroupMapping
>>cn: grupoteste
>>gidNumber: 1035
>>memberUid: william,lvlira
>>sambaSID: S-1-5-21-980314579-3254781846-1046201792-3071
>>sambaGroupType: 2
>>displayName: grupoteste
>>description: Local Unix group
>>with getent group grupoteste I have:
>>grupoteste:x:1035:william,lvlira
>>
>>The share:
>>ls -ald /home/pasta-teste
>>drwxrwx---    2 root     grupoteste     4096 Ago 26 18:10 /home/pasta-t=
este/
>>
>>In smb.conf:
>>
>>[global]
>>        workgroup =3D HOSPITAL
>>        netbios name =3D FEAM001
>>        server string =3D Servidor FEAM
>>        encrypt passwords =3D Yes
>>        update encrypted =3D Yes
>>
>>security =3D user
>>#       unix password sync =3D Yes
>>os level =3D 255
>>log level =3D 1
>>time server =3D yes
>>#time offset =3D 60
>>passwd program =3D /usr/local/sbin/smbldap-passwd -u %U
>>passwd chat =3D "Mudando a senha para*\nNew password*" %n\n "*Digite=20
>>novamente a senha*" %n\n"
>>min passwd length =3D 6
>>        ldap passwd sync =3D yes
>>        passdb backend =3D ldapsam:ldap://127.0.0.1/
>>        ldap admin dn =3D cn=3DManager,dc=3Dfeam,dc=3Dbr
>>        ldap suffix =3D dc=3Dfeam,dc=3Dbr
>>        ldap group suffix =3D ou=3DGroups
>>        ldap user suffix =3D ou=3DUsers
>>        ldap machine suffix =3D ou=3DComputers
>>        ldap ssl =3D no
>>logon home =3D
>>logon path =3D
>>        log file =3D /var/log/samba/samba-all.log
>>        max log size =3D 0
>>        name resolve order =3D wins lmhosts host bcast
>>        socket options =3D TCP_NODELAY SO_RCVBUF=3D8192 SO_SNDBUF=3D819=
2
>>        oplocks =3D yes
>>        veto oplock files =3D=20
>>/*.idx/*.ind/*.IDX/*.IND/*.db/*.DB/*.mdb/*.MDB/*.px/*.PX/*.seq/*.SEQ/*.=
int/*.INT/
>>        read raw =3D yes
>>        write raw =3D yes
>>        max xmit =3D 65535
>>        dead time =3D 15
>>        getwd cache =3D yes
>>        logon script =3D %U.bat
>>        domain logons =3D Yes
>>        preferred master =3D Yes
>>        domain master =3D Yes
>>        dns proxy =3D No
>>        wins support =3D Yes
>>        printing =3D lprng
>>        preserve case =3D No
>>        short preserve case =3D No
>>        unix charset =3D UTF8
>>        display charset =3D UTF8
>>        dos charset =3D cp850
>>
>>[pastateste]
>>comment =3D teste
>>path =3D /home/pasta-teste
>>create mask =3D 0770
>>force create mode =3D 0770
>>preserve case =3D yes
>>
>>I have also tried put in the share:
>>valid users =3D +grupotest
>>
>>But the same error occours:
>>I Can't open the share using samba...
>>In logs:
>>
>>chdir (/home/pasta-teste) failed
>>
>>Any clues about that?
>>
>>Regards,
>>
>>--=20
>>William Henrique Siqueira Marques
>>wmarques at vmlinuz.com.br
>>
>>
>>=09
>>=09
>>	=09
>>_______________________________________________________=20
>>Yahoo! Acesso Gr=C3=A1tis - Internet r=C3=A1pida e gr=C3=A1tis.=20
>>Instale o discador agora! http://br.acesso.yahoo.com/
>>   =20
>>
>
> =20
>
I tried this too, withou success...
Follows some logs:
[2005/08/29 10:45:35, 0] smbd/service.c:set_current_service(51)
  chdir (/home/pasta-teste) failed
 UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2005/08/29 10:53:53, 5] smbd/uid.c:change_to_root_user(296)
  change_to_root_user: now uid=3D(0,0) gid=3D(0,0)
[2005/08/29 10:53:53, 4] smbd/reply.c:reply_tcon_and_X(408)
  Client requested device type [?????] for share [PASTATESTE]
[2005/08/29 10:53:53, 5] smbd/service.c:make_connection(813)
  making a connection to 'normal' service pastateste
[2005/08/29 10:53:53, 10] lib/username.c:user_in_list(529)
  user_in_list: checking user lvlira in list
[2005/08/29 10:53:53, 10] lib/username.c:user_in_list(533)
  user_in_list: checking user |lvlira| against |@grupoteste|
[2005/08/29 10:53:53, 5] lib/username.c:user_in_netgroup_list(315)
  Unable to get default yp domain < ---- Try to acces NIS, what I dont=20
have....
[2005/08/29 10:53:53, 2] smbd/service.c:make_connection_snum(314)
  user 'lvlira' (from session setup) not permitted to access this share=20
(pastateste)
[2005/08/29 10:53:53, 3] smbd/error.c:error_packet(129)
  error packet at smbd/reply.c(416) cmd=3D117 (SMBtconX)=20
NT_STATUS_ACCESS_DENIED

Well it seems like it try to just look into NIS Directory, but I usuing=20
LDAP.
with the option +grupoteste fails too....


I'm in troubles....

Any other suggestions?

Best Regards,

--=20
William Henrique Siqueira Marques
wmarques at vmlinuz.com.br



	
	
		
_______________________________________________________ 
Yahoo! Acesso Grátis - Internet rápida e grátis. 
Instale o discador agora! http://br.acesso.yahoo.com/

More information about the samba mailing list