[Samba] Problem with LDAP groups and associated file permissions

Matt Skerritt matt.skerritt at agrav.net
Fri Dec 15 01:15:41 GMT 2006

Check the file permissions on the folder and files in question. If  
the folder is setup with world execute permissions, anybody can  
change into it - and any files created by the user in question will  
probably be owned by them - and so they'll still have access if they  
can change into the containing directory.

At least, that'd be the first thing I would look at.

Also try running commands like "groups <user>" to make sure that your  
unix backend agrees that they are no longer in the group.

On 15/12/2006, at 2:38 AM, Manuel Graumann wrote:

> Hi folks!
> Our smb with LDAP PDC now seems to be nearly completed. Just now we  
> found
> out something very mysterious. We organized some directorys to be  
> used by
> specific domain groups. If we put a user into a group the user is  
> allowed to
> access the associated share. So far this works pretty nice.
> If we remove the user from the domain group the user seems to keep  
> all his
> rights he got from his group membership we removed - even after  
> loggin off
> and on again and restarting smb and nmb. This seems to me a very  
> strange
> behaviour. Any ideas where we have to look?
> Client OS: XP Pro SP 2
> Server: openSuse 10.1 64 bit, Samba 3.0.22-13.18, openldap2  
> 2.3.19-18.10,
> smbldap-tools 0.9.1-11
> Any hint would be nice.
> Regards
> Manuel
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

Matt Skerritt
matt.skerritt at agrav.net

More information about the samba mailing list