[Samba] 3.0.23 and group behavior
Dale Schroeder
dale at BriannasSaladDressing.com
Wed Aug 2 12:17:18 GMT 2006
I am experiencing the same thing. I had hoped it would be completely
fixed in 23a.
Dale
Stewart, Eric wrote:
> Well, I just did a fresh compile and install of 3.0.23a on a
> test machine and am experiencing the same behavior. In this case,
> winbind is up and running, and I can chown/chgrp directories as Windows
> users/groups. I am able to connect when "valid users" expressly lists
> my username, but not when it specifies a group I am in. Config:
>
> [global]
> load printers = no
> guest account = nobody
> hosts allow = <some ips>
> workgroup = MYDOM
> security = ADS
> realm = MY.REALM
> password server = *
> client schannel = no
> client use spnego = yes
> encrypt passwords = yes
> local master = no
> os level = 1
> wins server = <wins ip>
> preserve case = yes
> invalid users = root mail daemon
> log level = 10
> max log size = 0
> debug uid = yes
> debug pid = yes
> log file = /usr/local/samba/var/log.%m
> lock directory = /usr/local/samba/var/locks
> share modes = yes
> allow trusted domains = no
> winbind separator = +
> winbind uid = 12500-19999
> winbind gid = 12500-19999
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = no
> template homedir = /dev/null
>
> [testshare1] ; this I can connect to
> browseable = yes
> force create mode = 0664
> force directory mode = 0775
> force group = web
> path = <share dir 1>
> read only = no
> valid users = MYDOM+eric
>
> [testshare2] ; Here I get prompted for username and password, and denied
> browseable = yes
> force create mode = 0664
> force directory mode = 0775
> force group = MYDOM+mygroup
> follow symlinks = no
> path = <share dir 2>
> valid users = @MYDOM+mygroup
> read only = no
>
> [testshare3] ; haven't gotten this far yet
> browseable = yes
> force create mode = 0664
> force directory mode = 0775
> follow symlinks = no
> force group = unixgroup
> path = <share dir 3>
> valid users = @MYDOM+othergroup, MYDOM+otheruser
> read only = no
>
> Some log file lines I see (not posted cause it would take a
> while to sanitize - let me know if I need to sanitize them and post them
> to the group, or if you want them sent direct to someone):
>
> winbind_lookup_sid: SUCCESS: SID
> S-1-5-21-1409082233-1202660629-1343024091-5626 -> MYDOM mygroup
> string_to_sid: Sid @MYDOM+mygroup does not start with 'S-'.
>
> This is a test box mind you - my original query was about one of
> two production boxes I have running Samba (one uses Winbind, the other
> does not, and it was the one I was querying about).
>
>
>> -----Original Message-----
>> From: Gerald (Jerry) Carter [mailto:jerry at samba.org]
>> Sent: Monday, July 17, 2006 11:00 AM
>> To: Stewart, Eric
>> Cc: samba at lists.samba.org
>> Subject: Re: [Samba] 3.0.23 and group behavior
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Stewart, Eric wrote:
>>
>>> Okay, first the admisssions:
>>>
>> Fixed in 3.0.23a due out in the next 24 - 48 hours.
>>
>>
>>
>>
>>
>>
>> jerry
>> =====================================================================
>> Samba ------- http://www.samba.org
>> Centeris ----------- http://www.centeris.com
>> "What man is a man who does not make the world better?" --Balian
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.2 (GNU/Linux)
>> Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
>>
>> iD8DBQFEu6XgIR7qMdg1EfYRAs27AKCAOAsE3ifK9graUN8MlNAyuPxOPwCgjVjC
>> mmBFW4oI18smyBC8HPl7fAs=
>> =wNMw
>> -----END PGP SIGNATURE-----
>>
>>
>>
More information about the samba
mailing list