[Samba] problem with user nobody and net groupmap
Adam Williams
awilliam at mdah.state.ms.us
Mon Apr 14 03:41:10 GMT 2008
When I do net groupmap add rid=514 ntgroup="Domain Guests"
unixgroup=nobody type=d and then try to connect to a share called share
which only allows guest connections with the following permissions:
[global]
    guest account = nobody
    map to guest = bad user
    map to guest = bad password
[share]
    path = /samba/admin
    force directory mode = 777
    writeable = Yes
    create mode = 777
    force create mode = 777
    directory mode = 777
    force group = admin
    guest ok = Yes
    guest only = Yes
I get the error in the samba log:
[2008/04/13 22:27:26, 2] passdb/pdb_ldap.c:init_group_from_ldap(2162)
init_group_from_ldap: Entry found for group: 65534
[2008/04/13 22:27:26, 1] auth/auth_util.c:create_token_from_username(1110)
nobody is a Domain Group, not a user
However, if I run net groupmap delete ntgroup="Domain Guests" then I can
connect to the share fine. Why is this? Why can't samba connect as the
user nobody when the nobody group is mapped? nobody is loaded into ldap:
[root at roark samba]# ldapsearch -D 'cn=Manager,dc=mdah,dc=state,dc=ms,dc=us' -b "uid=nobody,ou=People,dc=mdah,dc=state,dc=ms,dc=us" -w xxxxxxxxxxxx -x
# extended LDIF
#
# LDAPv3
# base <uid=nobody,ou=People,dc=mdah,dc=state,dc=ms,dc=us> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# nobody, People, mdah.state.ms.us
dn: uid=nobody,ou=People,dc=mdah,dc=state,dc=ms,dc=us
uid: nobody
cn: Nobody
sn: Nobody
mail: nobody at mdah.state.ms.us
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: hostObject
userPassword:: xxxxxxxxxxxxxxxx
shadowLastChange: 13966
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/sh
uidNumber: 65534
gidNumber: 65534
host: roark
host: archives3
host: arrowhead
host: preshs
host: wmounds
host: manship
host: welty
homeDirectory: /home
gecos: Nobody
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
[root at roark samba]#
[root at roark samba]# ldapsearch -D 'cn=Manager,dc=mdah,dc=state,dc=ms,dc=us' -b "cn=nobody,ou=Group,dc=mdah,dc=state,dc=ms,dc=us" -w xxxxxxxxxx -x
# extended LDIF
#
# LDAPv3
# base <cn=nobody,ou=Group,dc=mdah,dc=state,dc=ms,dc=us> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# nobody, Group, mdah.state.ms.us
dn: cn=nobody,ou=Group,dc=mdah,dc=state,dc=ms,dc=us
objectClass: posixGroup
objectClass: top
cn: nobody
userPassword:: xxxxxxxxxxxxxx
gidNumber: 65534
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
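
Added example, not part of the original post and not Samba's own code: a Python check for the situation the log line above reports, where the guest account name is also the unix group of a groupmap entry. The sample `net groupmap list` output, its placeholder SID and all function names are constructed for illustration.

```python
import re

# Constructed sample inputs modelled on the post; the SID is a placeholder.
SMB_CONF = """\
[global]
guest account = nobody
map to guest = bad user
map to guest = bad password
[share]
path = /samba/admin
guest ok = Yes
guest only = Yes
"""
GROUPMAP_LIST = """\
Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> admin
Domain Guests (S-1-5-21-1111111111-2222222222-3333333333-514) -> nobody
"""

def parse_smb_conf(text):
    """Return ({section: {param: value}}, [(section, param)] set more than once)."""
    sections, repeated, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = " ".join(key.lower().split())  # normalise case and runs of spaces
            if key in sections[current]:
                repeated.append((current, key))
            sections[current][key] = value
    return sections, repeated

def parse_groupmap(text):
    """Map unix group name -> NT group name from 'net groupmap list' style lines."""
    pattern = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-[\d-]+)\) -> (?P<unix>\S+)$")
    return {m["unix"]: m["nt"] for m in map(pattern.match, text.splitlines()) if m}

def guest_account_collision(conf_text, groupmap_text):
    """Return (guest account, NT group) if the guest account name is also a mapped unix group."""
    sections, _ = parse_smb_conf(conf_text)
    # Assumption: fall back to "nobody" when smb.conf sets no guest account.
    guest = sections.get("global", {}).get("guest account", "nobody")
    nt_group = parse_groupmap(groupmap_text).get(guest)
    return (guest, nt_group) if nt_group else None

if __name__ == "__main__":
    print("collision:", guest_account_collision(SMB_CONF, GROUPMAP_LIST))
    print("repeated parameters:", parse_smb_conf(SMB_CONF)[1])
```

On the sample input the check reports the nobody / Domain Guests overlap and also lists `map to guest` as a parameter set twice in `[global]`.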