[Samba] force group to Unix group in 3.0.25

seowphm at starhub.net.sg seowphm at starhub.net.sg
Fri May 18 06:03:14 GMT 2007 

Hi,

I'm currently using v3.0.24 in production and all works well.
I'm testing 3.0.25 to see if I'm going to have any problems with it if I have to upgrade.
I have a problem with the "force group" setting if it is set to a local Unix group.
This same setting works fine in 3.0.24 but I'm denied access to the same share
in 3.0.25.  If I comment off the "force group" line in 3.0.25, I can access the share fine.  It also works if I set the "force group" setting to a domain group.  It only fails with a local Unix group.
Any pointers to what I can try to resolve this in 3.0.25 ?

Thanks,
Mike
----

3.0.24 -- ok
[2007/05/18 11:57:02, 10] passdb/lookup_sid.c:lookup_name(64)
  lookup_name: Unix Group\localgrp => Unix Group (domain), localgrp (name)
[2007/05/18 11:57:02, 10] passdb/lookup_sid.c:sid_to_gid(1324)
  sid_to_gid: S-1-22-2-561 -> 561
[2007/05/18 11:57:02, 3] smbd/service.c:find_forced_group(493)
  Forced group localgrp

---------------------------
3.0.25 -- failed
[2007/05/18 11:55:14, 10] passdb/lookup_sid.c:lookup_name(64)
  lookup_name: Unix Group\localgrp => Unix Group (domain), localgrp (name)
[2007/05/18 11:55:14, 10] passdb/lookup_sid.c:sid_to_gid(1440)
  winbind failed to find a gid for sid S-1-22-2-561
[2007/05/18 11:55:14, 10] smbd/service.c:find_forced_group(498)
  sid_to_gid(S-1-22-2-561) for localgrp failed
[2007/05/18 11:55:14, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/reply.c(514) cmd=117 (SMBtconX) NT_STATUS_NO_SUCH_GROUP
----------------------------

smb.conf

[global]
workgroup = DOMAIN
security = ADS
realm = DOMAIN.COM
password server = *
wins server = x.x.x.x y.y.y.y

log level = 10
maxlogsize = 500000

allow trusted domains = No
idmap uid = 100000-500000
idmap gid = 100000-500000

winbind use default domain = Yes
winbind enum users = No
winbind enum groups = No
winbind nested groups = Yes

create mask = 0664
directory mask = 0775
force create mode = 0775
force directory mode = 0775
deadtime = 15
local master = No
ldap ssl = no
invalid users = root bin daemon noaccess adm lp uucp sys tty

[share1]
path = /share1
read only = No
browseable = No
hide unreadable = Yes
force group = localgrp
valid users = @"DOMAIN\Domain Users"
--------------------------


Powered by Gee! - Wireless Access Anywhere

More information about the samba mailing list