[Samba] group permissions not setting correctly.
delpheye
delpheye at gmail.com
Mon Jul 12 12:15:21 MDT 2010
On Fri, Jul 9, 2010 at 4:16 PM, <tms3 at tms3.com> wrote:
>
> On Samba 3.5.4, I have a share that should be writable by all in the Domain
> Users group. When I write to the share, the permission mode is correct but
> the data doesn't have the correct group and instead lists the username as
> the group.
>
> Do you have:
>
> pam_ldap/nss_ldap .conf setup correctly (They may be the same file
> depending on Linux OS. Ubuntu server uses same file.)?
>
> nsswitch.conf set up correctly?
>
As far as I am aware, yes.
/etc/nsswitch.conf:
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns wins
bootparams: files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files ldap
publickey: files
automount: files ldap
aliases: files
/etc/pam.d/system-auth
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass
use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond
quiet use_uid
session required pam_unix.so
session optional pam_ldap.so
I tried using "force group" but the share stopped being
> accessible after a restart so I removed it. It doesn't seem like this is
> standard behavior so I'm not sure what could be causing it.
>
> Relevant smb.conf info:
>
> [global]
> workgroup = domain
> netbios name = fs
> server string = domauin FS
> passdb backend = ldapsam:ldap://127.0.0.1
> printcap name = cups
> printing = cups
> security = user
> log level = 3
> name resolve order = wins bcast hosts
>
> ldap ssl = off
> ldap admin dn = cn=root,dc=domain,dc=com
> ldap suffix = dc=domain,dc=com
> ldap user suffix = ou=Users
> ldap group suffix = ou=Group
> ldap idmap suffix = ou=Idmap
> ldap machine suffix = ou=Computers
>
> ldap delete dn = Yes
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
> delete user script = /usr/sbin/smbldap-userdel "%u"
> delete group script = /usr/sbin/smbldap-groupdel "%g"
> logon path = \\%L\profiles\%U
> logon drive = H:
> logon home = \\%L\%U
> #logon script = %U.bat
> logon script = logon.bat
>
> domain master = Yes
> domain logons = Yes
> os level = 35
> preferred master = Yes
>
> idmap uid = 15000-20000
> idmap gid = 15000-20000
>
> passwd program = /usr/bin/passwd '%u'
> unix password sync = yes
> passwd chat = "*New UNIX password*" %n\n "*Retype new UNIX password*" %n\n
> "*updated successfully*"
> enable privileges = yes
> username map = /etc/samba/smbusers
> wins support = yes
>
> [public]
> path = /data/public
> create mask = 0775
> create mode = 0775
> directory mask = 0775
> guest ok = no
> browseable = Yes
> writable = yes
> write list = "@Domain Users"
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
>
More information about the samba
mailing list