[Samba] Creating a group share
Prakash Velayutham
prakash.velayutham at cchmc.org
Wed Nov 14 19:39:06 GMT 2007
Hello All,
Wanted to update you all that this issue is resolved.
This is my working configuration.
[global]
workgroup = WORKGROUPNAME
netbios name = servername
encrypt passwords = yes
password server = *
passdb backend = ldapsam:"ldaps://x.y.z"
log level = 9
syslog = 0
name resolve order = wins bcast hosts
ldap suffix = o=x,c=y
ldap machine suffix = ou=xx
ldap group suffix = ou=yy
ldap user suffix = ou=xx
ldap idmap suffix = ou=nn
ldap admin dn = cn=Manager,o=x,c=y
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind use default domain = yes
winbind cache time = 5
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
security = user
[JIAGEN]
comment = JIAGEN project share
path = /export/WTCCC
valid users = @WTCCC
write list = +WTCCC
read only = No
inherit acls = Yes
force group = +WTCCC
writable = yes
create mask = 0660
directory mask = 0770
I had some issue with server-side caching, which got resolved once I
stopped nscd on the server.
Now everything is peachy!!!
Thanks,
Prakash
On Nov 14, 2007, at 10:13 AM, Dale Schroeder wrote:
> Are there any errors in the logs? If not, try increasing your log
> level to 10.
> What does the global section of your smb.conf look like, and which
> version of Samba are you running?
> If it is an openldap problem, maybe one of the ldap experts (which I
> am not) could spot it.
>
> Dale
>
> Prakash Velayutham wrote:
>>
>> To add more info, I am seeing the following in the logs. So I am
>> guessing authentication is working fine. It is something with
>> regards to the group membership that is not.
>>
>> [2007/11/14 09:41:06, 5] auth/auth.c:check_ntlm_password(296)
>> check_ntlm_password: PAM Account for user [prakash] succeeded
>> [2007/11/14 09:41:06, 2] auth/auth.c:check_ntlm_password(309)
>> check_ntlm_password: authentication for user [prakash] ->
>> [prakash] -> [prakash] succeeded
>>
>> Thanks,
>> Prakash
>
>
> Prakash Velayutham wrote:
>>
>> Hi Dale,
>>
>> Thanks for the response. I changed my share configuration as below.
>> But now I cannot authenticate.
>>
>> [JIAGEN1]
>> comment = JIAGEN project share
>> path = /export/newWTCCC
>> valid users = +WTCCC
>> write list = +WTCCC
>> read only = No
>> inherit acls = Yes
>> force group = +WTCCC
>> writable = yes
>> create mask = 0660
>> directory mask = 0770
>>
>> Any ideas why?
>>
>> I checked that the user is a part of the group (though not primary).
>>
>> bmifsrd2:~ # groups prakash
>> prakash : users torque-users calendar-users irc-users WTCCC plone-
>> managers plone-members fmadmin fmuser
>>
>> Thanks,
>> Prakash
>>
>> On Nov 14, 2007, at 8:57 AM, Dale Schroeder wrote:
>>
>>> Prakash,
>>>
>>> You have inadvertently combined two parameters. There is no
>>> "valid write list" parameter.
>>> You should use
>>> write list = +WTCCC
>>> valid users = +WTCCC
>>>
>>> It should work after correcting the parameter.
>>>
>>> Good luck,
>>> Dale
>>>
>>> Prakash Velayutham wrote:
>>>>
>>>> Hello,
>>>>
>>>> I have a Samba PDC (3.x) running in an OpenSUSE 10.2 system. The
>>>> authentication backend is Open LDAP.
>>>>
>>>> I want to create a group share (WTCCC) which should be accessible
>>>> to a group of users (belonging to a group called WTCCC). The
>>>> users possess this group as their secondary group (NOT primary).
>>>>
>>>> And the share folder would have its gid bit set, so all the
>>>> writes to the folder would be accessible further by only people
>>>> belonging to WTCCC. Also I want a default umask of 770 for the
>>>> shared folder too.
>>>>
>>>> Could someone suggest a share configuration that can do these?
>>>>
>>>> Currently, I have
>>>>
>>>> [JIAGEN1]
>>>> comment = JIAGEN project share
>>>> path = /export/newWTCCC
>>>> valid write list = +WTCCC
>>>> # acl check permissions = true
>>>> # acl group control = yes
>>>> browseable = Yes
>>>> # read only = No
>>>> inherit acls = Yes
>>>> force group = +WTCCC
>>>> writable = yes
>>>> create mask = 0660
>>>> directory mask = 0770
>>>>
>>>> But as soon as I change the ownership of /export/newWTCCC to
>>>> root:WTCCC, the users are not able to access the share. But if I
>>>> have the force group enabled, everyone is able to access the
>>>> share (as it forces everyone to belong to the group, which should
>>>> not be the case).
>>>>
>>>> Thanks,
>>>> Prakash
>>
>>
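A check for the two problems discussed in this thread (a mistyped parameter and a share that is not actually restricted to the group), as an added example that is not from the posters or the Samba project. The function names, the `KNOWN` parameter subset and the sample text are assumptions for illustration; Samba's own `testparm` validates the full parameter set.

```python
import re

# Share parameters that appear in this thread; not the full smb.conf set.
KNOWN = {"comment", "path", "valid users", "write list", "read only",
         "writable", "browseable", "inherit acls", "force group",
         "create mask", "directory mask"}
DEFAULT_MASKS = {"create mask": "0744", "directory mask": "0755"}  # Samba defaults

def parse_shares(text):
    """Parse smb.conf-style text into {section: {parameter: value}}."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = shares.setdefault(section.group(1), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Parameter names ignore case and spacing, so normalise both.
            current[" ".join(key.lower().split())] = value.strip()
    return shares

def audit_share(params, group):
    """Return findings for a share meant to be limited to one UNIX group."""
    findings = [f"unknown parameter: {k}" for k in sorted(set(params) - KNOWN)]
    allowed = set(params.get("valid users", "").replace(",", " ").split())
    if not allowed & {"@" + group, "+" + group}:
        findings.append("valid users does not restrict access to the group")
    # Without the '+' prefix the group is forced on every connecting user.
    if not params.get("force group", "+").startswith("+"):
        findings.append("force group without '+' applies to every user")
    for key, default in DEFAULT_MASKS.items():
        if int(params.get(key, default), 8) & 0o007:
            findings.append(f"{key} grants access to others")
    return findings

# Constructed input, trimmed from the first and final shares in the thread.
BROKEN = """[JIAGEN1]
path = /export/newWTCCC
valid write list = +WTCCC
force group = +WTCCC
create mask = 0660
directory mask = 0770
"""
WORKING = BROKEN.replace("valid write list", "valid users = @WTCCC\nwrite list")

if __name__ == "__main__":
    for text in (BROKEN, WORKING):
        print(audit_share(parse_shares(text)["JIAGEN1"], "WTCCC"))
```
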