[Samba] Samba Secondary Groups
David van Laatum
david at vanlaatum.id.au
Sun Apr 18 23:19:04 MDT 2010
This has been bugging me for years, but I never got around to spending a lot of time on it until now that I want/need to use it for work stuff.

The problem is simple: I get access denied when trying to create a file in a directory that is not owned by me or my primary group and that doesn't have world-writable permissions. I've also had similar issues with NFS mounts, where I can't move/create/delete files via NFS, but it works fine if I do it on the local machine even though I am the same user in the same groups. All relevant info I can think of follows; let me know if anything else is needed. I spent all morning looking for an answer but only found hints of similar but not applicable problems.
[14:14:36 root@adl-nas-01 filestore]# smbd -V
Version 3.2.5
[14:28:42 root@adl-nas-01 filestore]# uname -a
Linux adl-nas-01 2.6.26-2-amd64 #1 SMP Tue Mar 9 22:29:32 UTC 2010 x86_64 GNU/Linux
[14:28:42 root@adl-nas-01 filestore]# cat /etc/debian_version
5.0.4
[global]
security = ads
workgroup = VALEX
server string = File Store
realm = VALEX.LOCAL
password server = ldap.valex.local
wins server = 172.16.0.150
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 100
log level = 3
syslog = 1
panic action = /usr/share/samba/panic-action %d
encrypt passwords = yes
printing = bsd
printcap name = /etc/printcap
idmap backend = ad
passdb backend = tdbsam
idmap uid = 100-90000
idmap gid = 100-900000
winbind cache time = 300
winbind nss info = rfc2307
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
winbind separator = /
winbind nested groups = yes
template homedir = /home/%U/homedir
template shell = /bin/bash
debug uid = yes
[Accounts]
comment = Accounts Stuff
path = /filestore/accounts
guest ok = no
browseable = yes
; valid users = @VALEX/vxAccounts @VALEX/vxSystems
create mask = 0660
directory mask = 0770
fstype = EXT3
; force group = +@VALEX/vxAccounts
[14:32:58 root@adl-nas-01 filestore]# id dvanlaatum
uid=10440(dvanlaatum) gid=20000(vxsystems) groups=20000(vxsystems),20002(domain admins),20003(domain users),20001(vxallusers),5006(BUILTIN/administrators),5007(BUILTIN/users)
[14:35:02 root@adl-nas-01 filestore]# ls -ald /filestore/accounts/
drwxrwxr-x 3 root vxallusers 4096 2010-04-19 11:32 /filestore/accounts/
[14:37:54 david@L00018 ~]# smbclient -U dvanlaatum //adl-nas-01/Accounts
Password:
Domain=[VALEX] OS=[Unix] Server=[Samba 3.2.5]
smb: \> mkdir test
NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \test
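
An added example, not part of the original post and not Samba's own code: it reads the posted share definition, `id` output and `ls -ald` line to check the two layers that gate a write, the share's effective `read only` setting (Samba defaults it to yes, with `writeable`/`writable`/`write ok` as inverted synonyms) and the POSIX permission class that applies to the user. It assumes [global] does not set `read only`, ignores ACLs, and uses hypothetical function names.

```python
import re

# Constructed from the post: the [Accounts] share, `id dvanlaatum`, `ls -ald`.
SHARE = """[Accounts]
comment = Accounts Stuff
path = /filestore/accounts
guest ok = no
browseable = yes
; valid users = @VALEX/vxAccounts @VALEX/vxSystems
create mask = 0660
directory mask = 0770
"""
ID_OUT = ("uid=10440(dvanlaatum) gid=20000(vxsystems) groups=20000(vxsystems),"
          "20002(domain admins),20003(domain users),20001(vxallusers),"
          "5006(BUILTIN/administrators),5007(BUILTIN/users)")
LS_OUT = "drwxrwxr-x 3 root vxallusers 4096 2010-04-19 11:32 /filestore/accounts/"

TRUE = {"yes", "true", "on", "1"}
# Samba ignores case and spaces in parameter names; these invert "read only".
INVERTED = {"writeable", "writable", "writeok"}

def share_read_only(section):
    """Effective `read only` for one share section; Samba's default is yes."""
    read_only = True
    for line in section.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = "".join(key.lower().split())
        flag = value.strip().lower() in TRUE
        if key == "readonly":
            read_only = flag
        elif key in INVERTED:
            read_only = not flag
    return read_only

def posix_write_class(id_out, ls_out):
    """Permission class that grants write ('owner'/'group'/'other') or None."""
    user = re.search(r"uid=\d+\(([^)]*)\)", id_out).group(1)
    groups = set(re.findall(r"\d+\(([^)]*)\)", id_out.split("groups=", 1)[1]))
    mode, _links, owner, group = ls_out.split()[:4]
    if user == owner:
        cls, bit = "owner", mode[2]
    elif group in groups:
        cls, bit = "group", mode[5]
    else:
        cls, bit = "other", mode[8]
    return cls if bit == "w" else None
```

On the posted values the filesystem layer allows the write through the supplementary group `vxallusers`, while the share section has no `read only = no` and so evaluates as read-only.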