[Samba] Samba + LDAP: Changing user's group

davefu davefury at gmail.com
Mon Dec 21 01:02:45 MST 2009


Bump


Wes Deviers wrote:
> 
> I'm having this same problem, but it's new.  Using 3.4.2 Debian packages,
> recently upgraded.  I never had any type of LDAP group caching problem until
> the last 2 weeks.  I added a user to an LDAP group as normal because they
> needed access to a new share.  Cleared the nscd caches as normal.  The service
> definition uses
> 
> force group = +groupName
> valid users = @admins, @groupName
> write list = @admins, @groupName
> 
> All of the people previously in @groupName retain access to the share.  The
> person I just added cannot access it.  getent, groups, etc all return the
> correct group membership.  If I add the account explicitly to valid users &
> write list, it works as soon as I do an smbd reload.
> 
> Did some behavior change or have we stumbled on a new bug?
> 
> Wes
> 
> 
> 
> On Monday 30 November 2009 07:29:33 am davefu wrote:
>> 
>> Hi, thanks for answering.
>> 
>> I have only 1 Samba server. When I mentioned changes on groups, I meant on
>> LDAP server. LDAP is used on both system and samba environments. When
>> changing groups on users, those changes are instant on the system
>> environment, but not on Samba.
>> 
>> - I create a new "Folder A", with full permissions for "Group A"
>> - "User B" (belonging to group B), logs via SSH to the server, and can't
>>   access the "Folder A".
>> - "User B" logs via Samba using his Windows desktop machine, and can't
>>   access the "Folder A" (previously configured inside a Samba Resource).
>> - Now I add "User B" to "Group A" via LDAP. He belongs now to "Group A" and
>>   "Group B".
>> - Getent group | grep "User B" shows correctly both groups on the user.
>> - "User B" correctly accesses "Folder A", writes files, etc. via console, ssh,
>>   or any kind of regular system authentication (since system is using pam
>>   libraries, configured to use LDAP as backend).
>> - "User B" still can't access "Folder A" in any way. Samba has cached "User
>>   B" credentials, and hasn't checked LDAP again for a while. The only option
>>   is to restart Samba, or wait randomly until Samba refreshes / syncs LDAP
>>   info about that user again.
>> 
>> Hope this little story explains my problem better.
>> Sorry for my English.
>> 
>> Thanks!
>> 
>> 



