[SAMBA] Only primary group being used for AD user?
Wayne Rasmussen
wayne at mail.gomonarch.com
Thu Jan 6 22:57:24 GMT 2005
In my test AD adtest.com we have a user wjr who is a member of two groups:
Domain Users, xyzusers
We have two shares defined in the smb.conf file as follows:
[global]
workgroup = adtestnetbios
realm = adtest.com
security = ADS
encrypt passwords = yes
log level = 10
idmap uid = 10000-35000
idmap gid = 10000-35000
winbind enum users = yes
winbind enum groups = yes
template homedir = /u/%U
template shell = /bin/csh
winbind use default domain = yes
[public]
comment = User's sharing documents here.
public = no
path = /u/public
read only = No
create mask = 0660
directory mask = 0770
browseable = Yes
[u]
comment = main work area
path = /u
public = no
create mask = 0660
read only = No
directory mask = 0770
browseable = Yes
The permissions on the two directories in the path are as follows:
drwxr-xr-x 14 root root 512 Dec 12 15:17 u/
drwxrws--- 2 stock xyzusers 512 Dec 6 14:48 public/
A getent passwd for the user results in the following:
getent passwd |grep wjr
wjr:x:10023:10000:wayne j rasmussen:/u/wjr:/bin/csh
A getent group for the appropriate groups results in the following:
Domain Users:x:10000:
xyzusers:x:10021:wjr
log.smbd shows that the xyzusers is not being seen/used by samba.
[2005/01/06 14:01:22, 5] auth/auth_util.c:debug_unix_user_token(505)
UNIX token of user 10023
Primary group is 10000 and contains 1 supplementary groups
Group[ 0]: 10000
The user wjr on a Windows XP Pro box can browse to the server, access the /u
share, but gets a \\servername\public not accessible message. Is this a bug?
It seems that samba can only use a single group for a given userid...
BTW, we are running Samba 3.0.9 on Solaris 9.
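
A check for the symptom described in the post, as an added example that is not part of the original message: it compares the gids in smbd's debug_unix_user_token dump with the groups getent reports for the user, using the log and getent lines quoted above as sample input. The function names are hypothetical.

```python
import re
# Sample input copied from the post above (log.smbd excerpt and getent output).
SMBD_LOG = """\
[2005/01/06 14:01:22, 5] auth/auth_util.c:debug_unix_user_token(505)
UNIX token of user 10023
Primary group is 10000 and contains 1 supplementary groups
Group[ 0]: 10000
"""
PASSWD_LINE = "wjr:x:10023:10000:wayne j rasmussen:/u/wjr:/bin/csh"
GROUP_LINES = """\
Domain Users:x:10000:
xyzusers:x:10021:wjr
"""

def parse_token(log_text):
    """Return (uid, set of gids) from the last 'UNIX token' dump in log_text."""
    uid, gids = None, set()
    for line in log_text.splitlines():
        m = re.search(r"UNIX token of user (\d+)", line)
        if m:
            uid, gids = int(m.group(1)), set()  # a new dump replaces the previous one
            continue
        m = re.search(r"Primary group is (\d+)|Group\[\s*\d+\]:\s*(\d+)", line)
        if m:
            gids.add(int(m.group(1) or m.group(2)))
    return uid, gids

def nss_groups(passwd_line, group_text):
    """Return (uid, {gid: name}) the user should hold per passwd/group data."""
    name, _, uid, pgid = passwd_line.split(":")[:4]
    expected = {}
    for line in group_text.splitlines():
        if line.count(":") < 3:
            continue  # skip blank or malformed lines
        gname, _, gid, members = line.split(":", 3)
        if int(gid) == int(pgid) or name in members.split(","):
            expected[int(gid)] = gname
    return int(uid), expected

def missing_from_token(log_text, passwd_line, group_text):
    """Groups NSS reports for the user that the smbd token lacks."""
    tok_uid, tok_gids = parse_token(log_text)
    uid, expected = nss_groups(passwd_line, group_text)
    if tok_uid != uid:
        raise ValueError("token uid %s does not match passwd uid %s" % (tok_uid, uid))
    return {gid: n for gid, n in expected.items() if gid not in tok_gids}

if __name__ == "__main__":
    print(missing_from_token(SMBD_LOG, PASSWD_LINE, GROUP_LINES))
```

A non-empty result means smbd built the user's token without a group that NSS lists for that user, which is the mismatch the post reports for xyzusers.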