[Samba] nsswitch groups confusion

Wagener, Harald hwagener at hamburg.fcb.com
Fri Jun 9 10:23:27 GMT 2006 

Hello,

I just recently migrated our samba fileservers to be members of our
corporate AD domain, which seemed to work out so far. Now, I experience
problems with group membership of groups that are defined on our old ldap
server. To avoid recreating all these groups in the AD, i thought it'd be
nice to use the old groups with the new user accounts via nsswitch.

Samba 3.0.22 on debian/unstable (debian version 3.0.22-1)

My nsswitch.conf shows:

passwd:         compat winbind ldap
group:          compat winbind ldap
shadow:         compat winbind ldap

getent passwd <user> and getent group <group> do give the expected results:

# getent passwd hwagener
hwagener:x:10170:100:Harald Wagener:/home/hwagener:/bin/bash
# getent passwd harald.wagener
harald.wagener:x:105593:100000:Wagener,
Harald:/home/IPGEMEA/harald.wagener:/bin/bash
fileserver1:~# getent group testgroup
testgroup:x:10400:hwagener,harald.wagener

ls and getfacl also show all is set correctly:

# ls -lad TestDir/
drwxr-x---  2 hwagener testgroup 6 Jun  9 12:01 TestDir/

my smb.conf is very short. These are the winbind settings:

# winbind
   winbind use default domain = yes
   winbind nested groups = no
   winbind separator = +
   winbind enum groups = no # winbindd keeps crashing otherwise
   winbind enum users = no  # winbindd keeps crashing otherwise

This is my share definition

[Service]
        path=<path to service>
        browseable = yes
        writeable = yes
        guest ok = no

samba logs generated from clicking at the directory
are in the attached file acces-to-dir.txt.

changing the primary owner to harald.wagener does give me access to the
directory, as well changing rights to allow all users access (iow, chmod
o+rx and chown <first.last> work as expected, but are not what we want).

Advice on how to get this working is welcome. If any parts are missing to
help me, please point that out.

Regards,
    Harald

-- 
harald wagener
technical lead it

fcb wilkens
an der alster 42
20099 hamburg
germany
t. +49(0)40-2881-1252
mjahn at fcb.com
www.footeconebelding.de

More information about the samba mailing list