[Samba] samba ldap group shares don't work anymore

Georg georg at jbb-freiburg.de
Sat Feb 23 09:40:27 GMT 2008 

Dear list,
after 2 weeks running Samba 3.0.26a-3.5-1616-SUSE-SL10.3 without any
problems, access to shares with dedicated group rights stopped working.
Shares with user rights are still allright.
New shares are working. Only those 2 weeks old, with all their groups not.
Smbclient quits with: tree connect failed: NT_STATUS_BAD_NETWORK_NAME

Smbd Log shows this:

[2008/02/23 10:25:37, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-5-21-1664890072-4027361542-1527094963-21002
  se_access_check: also S-1-5-21-1664890072-4027361542-1527094963-21017
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
  se_access_check: also S-1-22-2-10008
[2008/02/23 10:25:37, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (10001, 10008) - sec_ctx_stack_ndx = 0
[2008/02/23 10:25:37, 0] smbd/service.c:make_connection_snum(1003)
  '/home/groups/xxx_punkt' does not exist or permission denied when connecting to [treff] Error was Keine Berechtigung
[2008/02/23 10:25:37, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/02/23 10:25:37, 3] smbd/connection.c:yield_connection(69)


This Share (xxx_punkt) is owned by group (Unix gid 10008) of connecting user (XXX), 

(XXX) User LDIF Entry shows the right sambaPrimeryGroupSid: 21017

So groupmapping ist working fine.


G is:

[global]
	workgroup = xxxx-F
	server string = Samba 
	map to guest = Bad User
	passdb backend = ldapsam
	log level = 3
	time server = Yes
	logon path = \\%L\profiles\.msprofile
	logon drive = P:
	logon home = \\%L\%U\.9xprofile
	domain logons = Yes
	os level = 99
	preferred master = Yes
	domain master = Yes
	wins support = Yes
	ldap admin dn = cn=xxxxx,dc=xxxxx-f,dc=de
	ldap group suffix = ou=groups
	ldap machine suffix = ou=hosts
	ldap passwd sync = Yes
	ldap suffix = dc=xxxxx-f,dc=de
	ldap ssl = no
	ldap user suffix = ou=users
	winbind nested groups = No

 



As you see the server is setted up as a PDC, at the moment his only role
is to work standalone only for user and group shares.
Surprising for me is the fact of 2 weeks working fine and stopping it
without! changing anything.

Regards Georg

More information about the samba mailing list