[Samba] samba & unix group permissions problems
Mariano Absatz
el.baby at gmail.com
Wed Nov 4 04:47:44 MST 2009
Paul te Bokkel wrote on 04/11/09 06:47:
> Sounds like your nsswitch.conf to me, perhaps in combination with your
> ID backend. Check the output of:
> getent passwd <accountname>
>
> It should list any LDAP account, with the groups you have added them to.
>
Well...
"getent passwd mary" yields just the "passwd" entry, something like:
mary:*:100036:100000:Mary James:/home/DOMAIN/mary:/bin/bash
nothing further than Mary's primary group (100000).
However "getent group accountants" does include mary:
accountants:*:97019:mary,patricia
My nsswitch.conf looks like this:
########### nsswitch.conf ###############
passwd: files ldap [NOTFOUND=return] db
group: files ldap [NOTFOUND=return] db
shadow: files ldap
hosts: files dns wins
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
########### nsswitch.conf ###############
and the ID backend parts of my smb.conf look like this:
################## smb.conf ##################
##################################################################################
# IDENTITY MAPPING between windows and unix (SID <==> UID/GID)
# WINBIND
##################################################################################
# http://samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html
##################################################################################
idmap backend = ldap:ldap://ldap0.i.domain.org
# http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPUID
idmap uid = 90000-99999
# http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPGID
idmap gid = 90000-99999
# ALL relevant UID/GID are stored in LDAP
# http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#LDAPSAM:TRUSTED
ldapsam:trusted = yes
# Manage users directly on LDAP
# http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#LDAPSAM:EDITPOSIX
ldapsam:editposix = yes
# http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPCONFIG
# http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPBACKEND
idmap config DOMAIN:backend = ldap
idmap config DOMAIN:ldap_url = ldap://ldap0.i.domain.org
idmap config DOMAIN:ldap_user_dn = cn=admin,cn=config
idmap config DOMAIN:ldap_base_dn = ou=idmap,o=domain
idmap config DOMAIN:readonly = no
#idmap config DOMAIN:default = yes
#idmap config DOMAIN:range = 100000-500000
################## smb.conf ##################
I'm using samba 3.3.2 from the standard Ubuntu 9.04 packages
(3.3.2-1ubuntu3.2), except that I rebuilt the ubuntu winbind package
because the idmap ldap.so module is not included in it (see
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/397203).
--
Mariano Absatz - "El Baby"
el.baby at gmail.com
www.clueless.com.ar
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Clarke's Third Law: Any sufficiently advanced technology is
indistinguishable from magic.
Arthur C. Clarke, 1973
English physicist & science fiction author (1917 - 2008)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
* TagZilla 0.066 * http://tagzilla.mozdev.org
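
Added example, not part of the original post: a small Python check that derives a user's primary and supplementary groups from `getent passwd` / `getent group` output, and on a live host compares group enumeration with the getgrouplist(3) lookup that `id` uses. The passwd line and the accountants line are taken from the message above; the other two group lines and all function names are constructed for illustration.

```python
import grp
import os
import pwd
import sys

# First two values are from the post; the last two group lines are constructed.
PASSWD_LINE = "mary:*:100036:100000:Mary James:/home/DOMAIN/mary:/bin/bash"
GROUP_TEXT = """accountants:*:97019:mary,patricia
domusers:*:100000:
sales:*:97020:patricia
"""

def parse_passwd(line):
    """A passwd entry has one GID field (the primary group) and no member lists."""
    name, _pw, uid, gid, _rest = line.strip().split(":", 4)
    return name, int(uid), int(gid)

def parse_groups(text):
    """Map gid -> (group name, explicit member list) from `getent group` output."""
    groups = {}
    for line in text.splitlines():
        if line.strip():
            name, _pw, gid, members = line.strip().split(":", 3)
            groups[int(gid)] = (name, [m for m in members.split(",") if m])
    return groups

def membership(passwd_line, group_text):
    """Return (primary gid, sorted supplementary gids) for the passwd entry's user."""
    name, _uid, primary = parse_passwd(passwd_line)
    extra = sorted(gid for gid, (_n, members) in parse_groups(group_text).items()
                   if name in members and gid != primary)
    return primary, extra

def live_compare(username):
    """On a live host, diff group enumeration against the getgrouplist(3) result."""
    pw = pwd.getpwnam(username)
    listed = {g.gr_gid for g in grp.getgrall() if username in g.gr_mem}
    resolved = set(os.getgrouplist(username, pw.pw_gid))
    return {"missing_from_id": sorted(listed - resolved),
            "missing_from_group_db": sorted(resolved - listed - {pw.pw_gid})}

if __name__ == "__main__":
    print(membership(PASSWD_LINE, GROUP_TEXT))
    if len(sys.argv) > 1:
        print(live_compare(sys.argv[1]))
```

Run with a user name as the only argument to get the live comparison; a non-empty "missing_from_id" list means the group database lists the user but the lookup used to build a process's group list does not return that group.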