[Samba] Samba 3.0.13 security= ADS / Problem to access a share in
auth_util.c
==> change of group not taken into account (supplementary groups)
Guy Le Gac
guy.legac at ch-stbrieuc.fr
Wed Mar 30 14:14:59 GMT 2005
Excuse me, i am french....
My SAMBA v3.0.13 (over a linux Redhat 7.3.1 With kernel 2.4.27-4) is
configured with " security = ADS " to communicate with Active directory
(2003 server).
The problem : When i modify the group of a user in the Active directory,
this modification is not completely taken into account in samba.
In fact the orders "getent" and "wbinfo" gives one resulted correct but
the user cannot reach a share to which its group has right.
sample :
on Active directory : user=test => Primary group : Domain's users,
Supplementary groups : office
Domain name: GCA_CH22:
On samba server:
===============
[root at nas02 log]# id GCA_CH22+test
uid=20037(GCA_CH22+test) gid=20014(GCA_CH22+Domain's users)
groups=20014(GCA_CH22+Domain's users,20012(GCA_CH22+office)
Samba Trace with loglevel = 5:
=============================
auth/auth_util.c:debug_unix_user_token(506)
UNIX token of user 20037
Primary group is 20014 and contains 2 supplementary groups
Group[ 0]: 20014
Group[ 1]: 20050 =====> !!!! OLD GROUP .... i don't see 20012 group
(office)
installed packages : Kerberos 1.3.4.1, openldap-2.0.23-4, libacl 2.2.7
--
thank you for your assistance
-----------------------------------------------------------------
Guy Le Gac
More information about the samba
mailing list