[Samba] member server and groups
nprice at gibb.co.za
Thu Apr 4 07:42:06 MDT 2013
I have a samba 3 member server joined to a samba pdc using ldap. Join is OK.
Version is from debian wheezy: 3.6.6
With servers that are bdc's I have no problems with authentication, with
the member server I cannot get group file permissions to work.
User file permissions work fine
Samba share user and group permissions work fine
getent group shows expected groups with correct gid, which is an
improvement on the 3.5.4 that I tried before.
Only thing interesting the logs show is access denied.
BUT if I change the dir/file permission to domain users group THEN it
So I think samba is only looking up the primary group. I know there was
bug like this somewhere around 3.6.0
Is "net idmap secret alloc" no longer needed? It responds with "The only
currently supported backend is LDAP". smbpasswd -w seemed to do all I
Critical parts of my smb.conf
I'm using the nss_ldap method with nss-ldapd
security = domain
workgroup = DOMAIN
ldap admin dn = cn=System Administrator,ou=people,dc=domain,dc=com
ldap suffix = dc=domain,dc=com
ldap user suffix = ou=people
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=winstations,ou=systems
ldap ssl = Off
idmap config DOMAIN : backend = ldap
idmap config DOMAIN : range = 80000-99000
idmap config DOMAIN : ldap_url = ldap://my.ldap.serverl/
winbind use default domain = yes
path = /home/shares/comp
inherit permissions = yes
public = no
browsable = yes
writeable = yes
valid users = @computer
drwxrwx--- 19 root computer 4096 Jan 18 15:25 comp
passwd: compat ldap
group: compat ldap
shadow: compat ldap
hosts: files dns wins
# The user and group nslcd should run as.
# The location at which the LDAP server(s) should be reachable.
# The search base that will be used for all queries.
# The LDAP protocol version to use.
# SSL options
# The search scope.
More information about the samba