[Samba] vfs_ChDir fails,
even though the share is read-write for that user
Jeremy Allison
jra at samba.org
Wed Dec 12 21:38:43 GMT 2007
On Wed, Dec 12, 2007 at 02:21:43PM -0600, Nathan VanHoudnos wrote:
> Hi,
>
> I'm running Samba Version 3.0.25c on Solaris 10 8/07 on X86 hardware.
> It's successfully joined to AD.
>
> But, and there always is a but, if :
> * A user is a member of SomeGroup
> * and the share alllows SomeGroup to access it
> * and SomeGroup is NOT what the user has set as their Primary Group in
> Active Directory
> then
> * Samba will recognize that the user can access the share
> * but, vfs_ChDir will fail
>
> Consider a user, "vanhoudn", whose primary group is "WSG Staff".
> If the share config is set to:
> [arrakis]
> path = "/export/arrakis"
> comment = "Arraken Test share"
> writeable = yes
> valid users = @"UIUC+domain users"
> vfs objects = zfsacl
> nfs4: mode = special
>
> The logs will spit out:
> [2007/12/12 10:09:17, 10] smbd/share_access.c:(232)
> user_ok_token: share arrakis is ok for unix user UIUC+vanhoudn
> [2007/12/12 10:09:17, 10] smbd/share_access.c:(274)
> is_share_read_only_for_user: share arrakis is read-write for unix user
> UIUC+vanhoudn
>
> Which is good. And, we can see that samba is correctly finding all of
> the groups that this user is a member of...
>
> [2007/12/12 10:09:17, 5] auth/auth_util.c:(474)
> UNIX token of user 10000
> Primary group is 10031 and contains 58 supplementary groups
> Group[ 0]: 10007
> Group[ 1]: 10008
> <etc>
Doesn't Solaris still have a limit of 16 UNIX groups per
process token ? Or did that get fixed ? That would explain
this.
Jeremy.
More information about the samba
mailing list