[Samba] 3.0.23 and group behavior

Stewart, Eric eric at lib.usf.edu
Mon Jul 31 14:57:32 GMT 2006


	Well, I just did a fresh compile and install of 3.0.23a on a
test machine and am experiencing the same behavior.  In this case,
winbind is up and running, and I can chown/chgrp directories as Windows
users/groups.  I am able to connect when "valid users" expressly lists
my username, but not when it specifies a group I am in.  Config:

[global]
   load printers = no
   guest account = nobody
   hosts allow = <some ips>
   workgroup = MYDOM
   security = ADS
   realm = MY.REALM
   password server = *
   client schannel = no
   client use spnego = yes
   encrypt passwords = yes
   local master = no
   os level = 1
   wins server = <wins ip>
   preserve case = yes
   invalid users = root mail daemon
   log level = 10
   max log size = 0
   debug uid = yes
   debug pid = yes
   log file = /usr/local/samba/var/log.%m
   lock directory = /usr/local/samba/var/locks
   share modes = yes
   allow trusted domains = no
   winbind separator = +
   winbind uid = 12500-19999
   winbind gid = 12500-19999
   winbind enum users = yes
   winbind enum groups = yes
   winbind use default domain = no
   template homedir = /dev/null

[testshare1] ; this I can connect to
   browseable = yes
   force create mode = 0664
   force directory mode = 0775
   force group = web
   path = <share dir 1>
   read only = no
   valid users = MYDOM+eric

[testshare2] ; Here I get prompted for username and password, and denied
   browseable = yes
   force create mode = 0664
   force directory mode = 0775
   force group = MYDOM+mygroup
   follow symlinks = no
   path = <share dir 2>
   valid users = @MYDOM+mygroup
   read only = no

[testshare3] ; haven't gotten this far yet
   browseable = yes
   force create mode = 0664
   force directory mode = 0775
   follow symlinks = no
   force group = unixgroup
   path = <share dir 3>
   valid users = @MYDOM+othergroup, MYDOM+otheruser
   read only = no

	Some log file lines I see (not posted because it would take a
while to sanitize - let me know if I need to sanitize them and post them
to the group, or if you want them sent direct to someone):

  winbind_lookup_sid: SUCCESS: SID S-1-5-21-1409082233-1202660629-1343024091-5626 -> MYDOM mygroup
  string_to_sid: Sid @MYDOM+mygroup does not start with 'S-'.

	This is a test box mind you - my original query was about one of
two production boxes I have running Samba (one uses Winbind, the other
does not, and it was the one I was querying about).

> -----Original Message-----
> From: Gerald (Jerry) Carter [mailto:jerry at samba.org] 
> Sent: Monday, July 17, 2006 11:00 AM
> To: Stewart, Eric
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] 3.0.23 and group behavior
> 
> Stewart, Eric wrote:
> > 	Okay, first the admissions:
> 
> Fixed in 3.0.23a due out in the next 24 - 48 hours.
> 
> jerry
> =====================================================================
> Samba                                    ------- http://www.samba.org
> Centeris                         -----------  http://www.centeris.com
> "What man is a man who does not make the world better?"      --Balian
> 
> 
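
A check a reader could run against a configuration like the one in this message, as an added example that is not part of the original post or of Samba: it lists every group named in `valid users`, `invalid users` and `force group` and reports those that the system group database (`grp.getgrnam`) cannot resolve. The sample configuration is constructed from the shares posted above, and the function names are hypothetical.

```python
import grp
import re

# Constructed sample: two shares from the post above, trimmed.
SAMPLE_CONF = """\
[global]
   invalid users = root mail daemon
[testshare2]
   force group = MYDOM+mygroup
   valid users = @MYDOM+mygroup
[testshare3]
   force group = unixgroup
   valid users = @MYDOM+othergroup, MYDOM+otheruser
"""

def parse_conf(text):
    """Return {section: {parameter: value}} for smb.conf-style text."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            section = conf.setdefault(header.group(1), {})
        elif section is not None and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            section[" ".join(key.lower().split())] = value.strip()
    return conf

def group_refs(conf):
    """Yield (section, parameter, group) for each group a section relies on."""
    for name, params in conf.items():
        for key in ("valid users", "invalid users"):
            for entry in re.split(r"[,\s]+", params.get(key, "")):
                # smb.conf(5): '@' = NIS netgroup, then UNIX group; '+' = UNIX
                # group only. '&' (NIS netgroup only) entries are not checked.
                if entry[:1] in ("@", "+"):
                    yield name, key, entry.lstrip("@+&")
        if "force group" in params:
            yield name, "force group", params["force group"].lstrip("+")

def unresolved_groups(conf, lookup=grp.getgrnam):
    """Return the references whose group the lookup cannot resolve."""
    missing = []
    for ref in group_refs(conf):
        try:
            lookup(ref[2])
        except KeyError:
            missing.append(ref)
    return missing
```

On a live server, `unresolved_groups(parse_conf(open(path).read()))` with the default lookup shows which share restrictions name a group the host cannot see, which is worth ruling out before reading level 10 logs.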

