[Samba] problem with ldap backend

John H Terpstra jht at samba.org
Mon Jan 2 17:56:34 GMT 2006


On Monday 02 January 2006 10:47, Vijay Avarachen wrote:
> Cornelius,
>       Does the cad group have permission to read/execute the /home/data/cad
> directory on the file server?  On the file server do 'ls -l /home/data |
> grep cad' .  If the group does not have read,execute access to the
> directory on the filesystem, then the samba acl is not gonna matter much.

It may be necessary to specify the group as follows:

	valid users = @"domain\group"

- John T.

>
> On 1/2/06, Cornelius Weiss <list at von-und-zu-weiss.de> wrote:
> > Hi Vijay,
> >
> > tnx for your reply,
> >
> > with getent passwd and getent groups i see all users and groups.
> > The usermanager on windows-machines also sees the groups and knows which
> > user is in which group, so this part seems to be working.
> >
> > cu
> > cornelius
> >
> > On Monday, 2 January 2006 18:26, Vijay Avarachen wrote:
> > > Can you confirm that your system recognizes the 'cad' group (which I
> > > assume is in LDAP and not in local /etc/groups)?  Run 'getent group cad'.
> > > What is the output of this command?  If you get an error, then you need
> > > to fix that first (check your nsswitch.conf, /etc/ldap.conf and
> > > /etc/openldap/ldap.conf files and make sure you can run manual queries
> > > against your ldap server).
> >
> > > On 1/2/06, Cornelius Weiss <nelius at von-und-zu-weiss.de> wrote:
> > > > Hi,
> > > >
> > > > with ldap-backend, i can't set permission for shares groupwise.
> > > >
> > > > This is my smb.conf for a share:
> > > >
> > > > [cad]
> > > >   comment = STT CAD
> > > >   path = /home/data/cad
> > > >   readonly = yes
> > > >   browseable = yes
> > > >   valid users = @cad
> > > >   write list = @cad
> > > >   force group = cad
> > > >   create mask = 0664
> > > >   directory mask = 0775
> > > >
> > > > But this isn't working. no user of the group cad can read this share.
> > > > Moreover, it seems that "some" other users which are not in the cad
> > > > group can read this share, but i wasn't able to reproduce this truly.
> > > > Seems to be some random generator behind :-)
> > > >
> > > > I really have no idea what's going wrong. Could this be a bug of
> > > > samba? Anybody an idea?
> > > >
> > > > cu
> > > > cornelius
> > > >
> > > > --
> > > > http://von-und-zu-weiss.de
> > > > Phone: +49 2773 745822
> > > > Mobile: +49 160 95302679
> > > > Skype: nelius_weiss
> > > > ICQ: 5227437
> > > > --
> > > > To unsubscribe from this list go to the following URL and read the
> > > > instructions:  https://lists.samba.org/mailman/listinfo/samba
> > >
> > > --
> > > "Knowledge is the only wealth that grows as you spend it, and
> > > diminishes as you save it."
> > > -- ancient Sanskrit saying
> >
>

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
Samba-3 by Example, 2 Ed., ISBN: 0131882221X
Hardening Linux, ISBN: 0072254971
Other books in production.
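
The two checks discussed in this thread (does the group resolve through NSS, and does it have read/execute on the share path) can be run together against a share definition. The following is an added example, not part of the original messages and not Samba code; the function names share_groups and audit are hypothetical, and the check is simplified: it looks only at the directory's group and other mode bits and ignores owner bits and POSIX ACLs.

```python
import configparser, grp, os, re, stat

# Constructed sample: the [cad] share as posted in the thread.
SAMPLE_SMB_CONF = """
[cad]
  comment = STT CAD
  path = /home/data/cad
  readonly = yes
  valid users = @cad
  write list = @cad
  force group = cad
"""

def share_groups(conf_text, share):
    """Return (path, [group names]) referenced by 'valid users' / 'write list'."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(conf_text)
    sec, groups = cp[share], []
    for key in ("valid users", "write list"):
        # Group entries carry a @, + or & prefix; the name may be double-quoted.
        for tok in re.findall(r'[@+&]+("[^"]+"|[^\s,]+)', sec.get(key, "")):
            name = tok.strip('"')
            if name not in groups:
                groups.append(name)
    return sec.get("path"), groups

def audit(path, groups, resolve=lambda n: grp.getgrnam(n).gr_gid):
    """List problems that make the share ACL moot; the default resolver uses NSS."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"path {path}: {exc.strerror}"]
    findings = []
    for name in groups:
        try:
            gid = resolve(name)  # same lookup 'getent group NAME' performs
        except KeyError:
            findings.append(f"group {name}: not resolvable via NSS")
            continue
        # Group bits apply if the directory belongs to the group, else other bits.
        bits = (st.st_mode >> 3 if st.st_gid == gid else st.st_mode) & 0o7
        if bits & 0o5 != 0o5:
            findings.append(f"group {name}: lacks r-x on {path} "
                            f"(mode {stat.filemode(st.st_mode)})")
    return findings
```

On the file server, audit(*share_groups(open("/etc/samba/smb.conf").read(), "cad")) returns an empty list when both checks pass; the smb.conf location is an assumption and varies by distribution.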

