[Samba] Creating a group share

Wed Nov 14 19:39:06 GMT 2007

Hello All,

Wanted to update you all that this issue is resolved.
This is my working configuration.

[global]
	workgroup = WORKGROUPNAME
	netbios name = servername
	encrypt passwords = yes
	password server = *
	passdb backend = ldapsam:"ldaps://x.y.z"
	log level = 9
	syslog = 0
	name resolve order = wins bcast hosts
	ldap suffix = o=x,c=y
	ldap machine suffix = ou=xx
	ldap group suffix = ou=yy
	ldap user suffix = ou=xx
	ldap idmap suffix = ou=nn
	ldap admin dn = cn=Manager,o=x,c=y
	idmap uid = 10000-20000
	idmap gid = 10000-20000
	winbind use default domain = yes
	winbind cache time = 5
	printing = cups
	printcap name = cups
	printcap cache time = 750
	cups options = raw
	map to guest = Bad User
	security = user
[JIAGEN]
	comment = JIAGEN project share
	path = /export/WTCCC
	valid users = @WTCCC
	write list = +WTCCC
	read only = No
	inherit acls = Yes
	force group = +WTCCC
	writable = yes
	create mask = 0660
	directory mask = 0770

I had some issue with server-side caching, which got resolved once I  
stopped nscd on the server.

Now everything is peachy!!!

Thanks,
Prakash

On Nov 14, 2007, at 10:13 AM, Dale Schroeder wrote:

> Are there any errors in the logs?  If not, try increasing your log  
> level to 10.
> What does the global section of your smb.conf look like, and which  
> version of Samba are you running?
> If it is an openldap problem, maybe one of the ldap experts (which I  
> am not) could spot it.
>
> Dale
>
> Prakash Velayutham wrote:
>>
>> To add more info, I am seeing the following in the logs. So I am  
>> guessing authentication is working fine. It is something with  
>> regards to the group membership that is not.
>>
>> [2007/11/14 09:41:06, 5] auth/auth.c:check_ntlm_password(296)
>>   check_ntlm_password:  PAM Account for user [prakash] succeeded
>> [2007/11/14 09:41:06, 2] auth/auth.c:check_ntlm_password(309)
>>   check_ntlm_password:  authentication for user [prakash] ->  
>> [prakash] -> [prakash] succeeded
>>
>> Thanks,
>> Prakash
>
>
> Prakash Velayutham wrote:
>>
>> Hi Dale,
>>
>> Thanks for the response. I changed my share configuration as below.  
>> But now I cannot authenticate.
>>
>> [JIAGEN1]
>>  comment = JIAGEN project share
>>  path = /export/newWTCCC
>>  valid users = +WTCCC
>>  write list = +WTCCC
>>  read only = No
>>  inherit acls = Yes
>>  force group = +WTCCC
>>  writable = yes
>>  create mask = 0660
>>  directory mask = 0770
>>
>> Any ideas why?
>>
>> I checked that the user is a part of the group (though not primary).
>>
>> bmifsrd2:~ # groups prakash
>> prakash : users torque-users calendar-users irc-users WTCCC plone- 
>> managers plone-members fmadmin fmuser
>>
>> Thanks,
>> Prakash
>>
>> On Nov 14, 2007, at 8:57 AM, Dale Schroeder wrote:
>>
>>> Prakash,
>>>
>>> You have inadvertently combined two parameters.  There is no  
>>> "valid write list" parameter.
>>> You should use
>>>     write list = +WTCCC
>>>     valid users = +WTCCC
>>>
>>> It should work after correcting the parameter.
>>>
>>> Good luck,
>>> Dale
>>>
>>> Prakash Velayutham wrote:
>>>>
>>>> Hello,
>>>>
>>>> I have a Samba PDC (3.x) running in a OpenSUSE 10.2 system. The  
>>>> authentication backend is Open LDAP.
>>>>
>>>> I want to create a group share (WTCCC) which should be accessible  
>>>> to a group of users (belonging to a group called WTCCC). The  
>>>> users' possess this group as their secondary group (NOT primary).
>>>>
>>>> And the share folder would have its gid bit set, so all the  
>>>> writes to the folder would be accessible further by only people  
>>>> belonging to WTCCC. Also I want a default umask of 770 for the  
>>>> shared folder too.
>>>>
>>>> Could someone suggest a share configuration that can do these?
>>>>
>>>> Currently, I have
>>>>
>>>> [JIAGEN1]
>>>>     comment = JIAGEN project share
>>>>     path = /export/newWTCCC
>>>>     valid write list = +WTCCC
>>>> #    acl check permissions = true
>>>> #    acl group control = yes
>>>>     browseable = Yes
>>>> #    read only = No
>>>>     inherit acls = Yes
>>>>     force group = +WTCCC
>>>>     writable = yes
>>>>     create mask = 0660
>>>>     directory mask = 0770
>>>>
>>>> But as soon as I change the ownership of /export/newWTCCC to  
>>>> root:WTCCC, the users are not able to access the share. But if I  
>>>> have the force group enabled, everyone is able to access the  
>>>> share (as it forces everyone to belong to the group, which should  
>>>> not be the case).
>>>>
>>>> Thanks,
>>>> Prakash
>>
>>
>> No virus found in this incoming message.
>> Checked by AVG.
>> Version: 7.5.503 / Virus Database: 269.15.31/1130 - Release Date:  
>> 11/14/2007 9:27 AM
>>