[Samba] Problem with LDAP groups and associated file permissions
Murray Trainer
mtrainer at central-data.net
Fri Dec 15 03:15:20 GMT 2006
On Fri, 2006-12-15 at 12:15 +1100, Matt Skerritt wrote:
> Check the file permissions on the folder and files in question. If
> the folder is set up with world execute permissions, anybody can
> change into it - and any files created by the user in question will
> probably be owned by them - and so they'll still have access if they
> can change into the containing directory.
>
> At least, that'd be the first thing I would look at.
>
> Also try running commands like "groups <user>" to make sure that your
> unix backend agrees that they are no longer in the group.
>
>
> On 15/12/2006, at 2:38 AM, Manuel Graumann wrote:
>
> > Hi folks!
> >
> > Our smb with LDAP PDC now seems to be nearly completed. Just now we found
> > out something very mysterious. We organized some directories to be used by
> > specific domain groups. If we put a user into a group the user is allowed to
> > access the associated share. So far this works pretty nice.
> >
> > If we remove the user from the domain group the user seems to keep all his
> > rights he got from his group membership we removed - even after logging off
> > and on again and restarting smb and nmb. This seems to me a very strange
> > behaviour. Any ideas where we have to look?
> >
> > Client OS: XP Pro SP 2
> > Server: openSuse 10.1 64 bit, Samba 3.0.22-13.18, openldap2 2.3.19-18.10,
> > smbldap-tools 0.9.1-11
> >
> > Any hint would be nice.
> >
> > Regards
> >
> > Manuel
> >
Sounds like an nscd caching issue - had the same problem with LDAP. You
probably need to set the user and group cache time to something low
in /etc/nscd.conf.
Murray
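
An added example, not part of the original message: a check that reports which nscd user and group caches would keep a revoked group membership alive longer than a chosen limit. It assumes the standard nscd.conf directives `enable-cache` and `positive-time-to-live`; the sample file contents and the 60-second limit are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag nscd caches whose positive TTL lets a removed
# group membership linger longer than MAX seconds.

# nscd_stale_ttls CONF MAX
# Prints "<db> <ttl>" for the passwd/group caches that are enabled and
# whose positive-time-to-live is greater than MAX.
nscd_stale_ttls() {
    awk -v max="$2" '
        /^[[:space:]]*#/ { next }                       # skip comment lines
        $1 == "enable-cache"          { enabled[$2] = $3 }
        $1 == "positive-time-to-live" { ttl[$2] = $3 }
        END {
            n = split("passwd group", dbs, " ")
            for (i = 1; i <= n; i++) {
                db = dbs[i]
                if (enabled[db] == "yes" && (db in ttl) && ttl[db] + 0 > max + 0)
                    print db, ttl[db]
            }
        }
    ' "$1"
}

# Constructed sample configuration (illustrative values, not from the thread).
sample_conf() {
    cat <<'EOF'
# sample nscd.conf
enable-cache            passwd  yes
positive-time-to-live   passwd  600
enable-cache            group   yes
positive-time-to-live   group   3600
enable-cache            hosts   yes
positive-time-to-live   hosts   3600
EOF
}

# Demo run against the sample; point it at /etc/nscd.conf on a real server.
tmp=$(mktemp)
sample_conf > "$tmp"
nscd_stale_ttls "$tmp" 60
rm -f "$tmp"
```

Entries already cached stay until they expire, so after lowering the values `nscd -i group` (and `nscd -i passwd`) invalidates them immediately.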