[Samba] Samba ADS member: using local groups

Damir Dezeljin programing at mbss.org
Fri Jun 23 09:47:38 GMT 2006 

Hi.

I have problems using local groups on a SAMBA ADS member. I encountered 
the problem when I switched from Fedora Core 4 to Fedora Core 5.

I'm using the FC5 samba-3.0.22-1.fc5 package.

The SELinux is set to permissive mode (SELINUX=permissive), so this should 
not cause problems.


I'm using same scripts for generating group mapping and add users to 
groups, as I used on FC4.


The problem is I can not access to a newly created share. I'm getting 
access denied.


Details:
----
smb.conf:
   workgroup = MYAD
   realm = MYAD.SI
   security = ads
   netbios name = SRV
   use kerberos keytab = True

   local master = no
   domain master = no
   preferred master = no
   domain logons = no

   winbind cache time = 150
   template shell = /bin/false
   template homedir = /dev/null
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431

   enable privileges = no
   allow trusted domains = yes
   winbind trusted domains only = no
   winbind use default domain = no
   acl group control = no
   winbind enum groups = yes
   winbind enum users = yes
   winbind nested groups = yes

[testg]
   path = /tmp/testg
   browsable = yes

# net groupmap list | grep testg
testg (S-1-5-21-36326577-213813108-2479972072-35181) -> testg

# net rpc group members testg -U MYAD\\damird%pass
MYAD\damird

# grep testg /etc/group
testg:x:17090:MYAD\damird

# getent group testg
testg:x:17090:MYAD\damird

# getent group SRV\\testg
testg:*:16777937:MYAD\damird

# chown root:testg /tmp/testg
# chmod 770 /tmp/testg
# ls -ald /tmp/testg
drwxrwx--- 17 root testg 4096 Jun 23 11:26 /tmp/testg

# sudo -u MYAD\\damird ls -al /tmp/testg
total 16
drwxrwx--- 2 root testg 4096 Jun 23 11:43 .
drwxrwxrwt 8 root root  4096 Jun 23 11:39 ..

# cat /var/log/samba/10.10.10.100.log
[2006/06/23 11:44:25, 1] smbd/service.c:make_connection_snum(693)
   10.10.10.100 (10.10.10.100) connect to service testg initially as user 
MYAD\damird (uid=16777217, gid=16777217) (pid 6509)
[2006/06/23 11:44:25, 0] smbd/service.c:set_current_service(49)
   chdir (/tmp/testg) failed
[2006/06/23 11:44:25, 0] smbd/service.c:set_current_service(49)
   chdir (/tmp/testg) failed
[2006/06/23 11:44:26, 0] smbd/service.c:set_current_service(49)
   chdir (/tmp/testg) failed
----


Any hint will be appreciated :)

Thanks and best regards,
Dezo

More information about the samba mailing list