ham,[Samba] Creating a group share

Prakash Velayutham prakash.velayutham at cchmc.org
Wed Nov 14 14:48:59 GMT 2007


To add more info, I am seeing the following in the logs. So I am  
guessing authentication is working fine. It is something with regards  
to the group membership that is not.

[2007/11/14 09:41:06, 5] auth/auth.c:check_ntlm_password(296)
   check_ntlm_password:  PAM Account for user [prakash] succeeded
[2007/11/14 09:41:06, 2] auth/auth.c:check_ntlm_password(309)
   check_ntlm_password:  authentication for user [prakash] ->  
[prakash] -> [prakash] succeeded

Thanks,
Prakash

On Nov 14, 2007, at 8:57 AM, Dale Schroeder wrote:

> Prakash,
>
> You have inadvertently combined two parameters.  There is no "valid  
> write list" parameter.
> You should use
>     write list = +WTCCC
>     valid users = +WTCCC
>
> It should work after correcting the parameter.
>
> Good luck,
> Dale
>
> Prakash Velayutham wrote:
>>
>> Hello,
>>
>> I have a Samba PDC (3.x) running in a OpenSUSE 10.2 system. The  
>> authentication backend is Open LDAP.
>>
>> I want to create a group share (WTCCC) which should be accessible  
>> to a group of users (belonging to a group called WTCCC). The users'  
>> possess this group as their secondary group (NOT primary).
>>
>> And the share folder would have its gid bit set, so all the writes  
>> to the folder would be accessible further by only people belonging  
>> to WTCCC. Also I want a default umask of 770 for the shared folder  
>> too.
>>
>> Could someone suggest a share configuration that can do these?
>>
>> Currently, I have
>>
>> [JIAGEN1]
>>     comment = JIAGEN project share
>>     path = /export/newWTCCC
>>     valid write list = +WTCCC
>> #    acl check permissions = true
>> #    acl group control = yes
>>     browseable = Yes
>> #    read only = No
>>     inherit acls = Yes
>>     force group = +WTCCC
>>     writable = yes
>>     create mask = 0660
>>     directory mask = 0770
>>
>> But as soon as I change the ownership of /export/newWTCCC to  
>> root:WTCCC, the users are not able to access the share. But if I  
>> have the force group enabled, everyone is able to access the share  
>> (as it forces everyone to belong to the group, which should not be  
>> the case).
>>
>> Thanks,
>> Prakash



More information about the samba mailing list