[Samba] samba & unix group permissions problems

Mariano Absatz el.baby at gmail.com
Fri Nov 6 15:03:17 MST 2009


Any hints, anyone?...

On Wed, Nov 4, 2009 at 08:47, Mariano Absatz <el.baby at gmail.com> wrote:
> Paul te Bokkel wrote on 04/11/09 06:47:
>>
>> Sounds like your nsswitch.conf to me, perhaps in combination with your ID
>> backend. Check the output of:
>> getent passwd <accountname>
>>
>> It should list any LDAP account, with the groups you have added them to.
>>
> Well...
>
> "getent passwd mary" yields just the "passwd" entry, something like:
>
> mary:*:100036:100000:Mary James:/home/DOMAIN/mary:/bin/bash
>
> nothing further than Mary's primary group (100000).
>
> However "getent group accountants" does include mary:
>
> accountants:*:97019:mary,patricia
>
> My nsswitch.conf looks like this:
>
> ########### nsswitch.conf ###############
> passwd:         files ldap [NOTFOUND=return] db
> group:          files ldap [NOTFOUND=return] db
> shadow:         files ldap
>
> hosts:          files dns wins
> networks:       files
>
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
>
> netgroup:       nis
> ########### nsswitch.conf ###############
>
>
>
> and the ID backend parts of my smb.conf look like this:
>
> ################## smb.conf ##################
> ##################################################################################
> # IDENTITY MAPPING between windows and unix (SID <==> UID/GID)
> # WINBIND
> ##################################################################################
> # http://samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html
> ##################################################################################
>
> idmap backend = ldap:ldap://ldap0.i.domain.org
>
> # http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPUID
> idmap uid = 90000-99999
> # http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPGID
> idmap gid = 90000-99999
>
> # ALL relevant UID/GID are stored in LDAP
> # http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#LDAPSAM:TRUSTED
> ldapsam:trusted = yes
> # Manage users directly on LDAP
> # http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#LDAPSAM:EDITPOSIX
> ldapsam:editposix = yes
>
> # http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPCONFIG
> # http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPBACKEND
> idmap config DOMAIN:backend = ldap
> idmap config DOMAIN:ldap_url = ldap://ldap0.i.domain.org
> idmap config DOMAIN:ldap_user_dn = cn=admin,cn=config
> idmap config DOMAIN:ldap_base_dn = ou=idmap,o=domain
> idmap config DOMAIN:readonly = no
> #idmap config DOMAIN:default = yes
> #idmap config DOMAIN:range = 100000-500000
> ################## smb.conf ##################
>
>
> I'm using samba 3.3.2 from the standard Ubuntu 9.04 packages
> (3.3.2-1ubuntu3.2), except that I rebuilt the ubuntu winbind package because
> the idmap ldap.so module is not included in it (see
> https://bugs.launchpad.net/ubuntu/+source/samba/+bug/397203).
>
>
>
>
> --
> Mariano Absatz - "El Baby"
> el.baby at gmail.com
> www.clueless.com.ar
>
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Clarke's Third Law: Any sufficiently advanced technology is
> indistinguishable from magic.
>  Arthur C. Clarke, 1973
>  English physicist & science fiction author (1917 - 2008)
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> * TagZilla 0.066 * http://tagzilla.mozdev.org



-- 
Mariano Absatz - El Baby
www.clueless.com.ar
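
An added example, not part of the original message: a shell helper that takes `getent passwd` and `getent group` output in the formats quoted above and lists every group a user belongs to, whether by primary GID or by member list. The sample lines are constructed from the entries in the message; the group names `domusers` (for GID 100000) and `auditors` are assumptions.

```shell
#!/bin/sh
# Added example: derive a user's group membership from getent-style output.
# passwd format: name:passwd:uid:gid:gecos:home:shell  (carries only the primary GID)
# group format:  name:passwd:gid:member1,member2,...   (carries supplementary members)

# Constructed sample data modelled on the entries quoted in the message.
# "domusers" and "auditors" are hypothetical group names.
SAMPLE_PASSWD='mary:*:100036:100000:Mary James:/home/DOMAIN/mary:/bin/bash'
SAMPLE_GROUP='domusers:*:100000:
accountants:*:97019:mary,patricia
auditors:*:97020:patricia'

# primary_gid USER PASSWD_TEXT -> prints the GID field of the user's passwd entry
primary_gid() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { print $4; exit }'
}

# groups_of USER PASSWD_TEXT GROUP_TEXT -> space-separated, sorted group names
groups_of() {
    gid=$(primary_gid "$1" "$2")
    printf '%s\n' "$3" | awk -F: -v u="$1" -v gid="$gid" '
        {
            hit = (gid != "" && $3 == gid)          # primary group, matched by GID
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)                # supplementary, matched by name
                if (m[i] == u) hit = 1
            if (hit) print $1
        }' | sort | tr '\n' ' ' | sed 's/ $//'
}

# On a live system, feed real NSS data instead of the samples:
#   groups_of mary "$(getent passwd mary)" "$(getent group)"
# and compare with the group list NSS resolves for the user:
#   id -Gn mary
groups_of mary "$SAMPLE_PASSWD" "$SAMPLE_GROUP"; echo
```

If the helper's list and `id -Gn` disagree for the same user, the group entries are visible through NSS but are not being returned by the per-user group lookup.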