[Samba] Problems with Group Ids and several samba servers
Johannes Amorosa | Celluloid VFX
johannesa at celluloid-vfx.com
Wed Apr 16 05:49:49 MDT 2014
Hello List,

We're having a problem mapping groups to a second server acting as a fileserver.

We use tdbsam with local users and groups on the PDC. We now want to add more servers to the setup, authenticating all users/groups via the domain. Adding the appropriate users and groups and mapping the uid and gid on the fileservers will be done automatically via ssh with a usradd.sh script. This should be a workaround until we have a proper domain user authentication in place.

The script works fine and the users/groups on all machines are the same. Authentication works. The testuser can log in on the fileserver with the domain credentials.

We fail in writing to the folder that *should* be accessible for the group uw4, of which testuser is a member both globally and locally.

We tested writing locally:

drwxrws--- 2 root uw4 2 Apr 16 12:13 project
sudo -u testuser touch project/moo --> works

and we can write via samba in the root of the share folder, so I assume user id works, but groups are ignored.

What am I missing? Thank you for your time.

JA

Setup:

PDC: Samba Version 3.3.4
-------------------------
smb.conf (skipped some irrelevant parts)
[global]
workgroup = OURCOMPANY
netbios name = PDCSRV
server string = %h PDC
passdb backend = tdbsam
socket options = IPTOS_LOWDELAY TCP_NODELAY
add user script = /etc/samba/usradd.sh %u
delete user script = /etc/samba/usrdel.sh %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/bin/gpasswd -a %u %g
delete user from group script = /usr/bin/gpasswd -d %u %g
add machine script = /etc/samba/pcadd.sh %u
logon script = scripts\%U.bat
logon path = \\%L\profiles\%U
logon drive = U:
logon home = \\%L\profiles\%U
domain logons = Yes
os level = 35
preferred master = Yes
domain master = Yes
enhanced browsing = No
[Netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
admin users = root, ntadmin
read only = No
browseable = No
create mask = 0775
directory mask = 0775
[Profiles]
comment = Roaming Profile Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes
browseable = No
[Share]
comment = Our Old Share
path = /mnt/share
read only = No
create mask = 0660
directory mask = 2770

Fileserver: Samba Version 3.6.3
-------------------------
testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[sambatest]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
[global]
workgroup = OURCOMPANY
netbios name = FILESERVER
server string = %h
log file = /var/log/samba/log.%m
log level = 1
syslog = 0
panic action = /usr/share/samba/panic-action %d
guest ok= no
domain logons = no
socket options = IPTOS_LOWDELAY TCP_NODELAY
security = domain
wins server = 192.168.1.254
template shell = /bin/bash
time server = yes
domain master = no
winbind trusted domains only = yes
encrypt passwords = yes
passdb backend = tdbsam
local master = no
preferred master = no
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
[sambatest]
read only = no
path = /silo/cachetest/
comment = Sambatest
veto files = /._*/.DS_Store/.Trash*/.TemporaryItems/desktop.ini/Thumbs.db/.apdisk/
create mask = 0660
directory mask = 2770
--
Johannes Amorosa | Celluloid VFX
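
The local test in the post, as an added example that is not part of the original message: it parses the quoted `ls -l` line and applies the standard POSIX owner/group/other check, showing that write access to `project` depends entirely on uw4 being in the session's group list. The group lists and the primary group name "testuser" are constructed assumptions; the second list models the poster's guess that groups are ignored and is not a diagnosis of the Samba setup.

```python
import stat

# Permission bit for each of the nine characters after the file-type letter.
BITS = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
        stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
        stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]
SPECIAL = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}

def parse_ls_line(line):
    """Return (mode, owner, group, name) for one `ls -l` line."""
    f = line.split(None, 8)
    perms, owner, group, name = f[0], f[2], f[3], f[8]
    mode = stat.S_IFDIR if perms[0] == "d" else stat.S_IFREG
    for i, ch in enumerate(perms[1:10]):
        if ch in "rwxst":        # lower-case s/t also imply the execute bit
            mode |= BITS[i]
        if ch in "sStT":         # setuid / setgid / sticky
            mode |= SPECIAL[i]
    return mode, owner, group, name

def may_create(entry, user, groups):
    """Can `user` with group list `groups` create a file in this directory?
    Exactly one permission class applies: owner, else group, else other.
    Root's override of these checks is not modelled."""
    mode, owner, group, _ = entry
    if user == owner:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif group in groups:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return (mode & need) == need

def group_of_new_file(entry, primary_group):
    """With setgid on the directory, new files inherit the directory's group."""
    mode, _, group, _ = entry
    return group if mode & stat.S_ISGID else primary_group

# The directory listing quoted in the post.
PROJECT = parse_ls_line("drwxrws--- 2 root uw4 2 Apr 16 12:13 project")

if __name__ == "__main__":
    # Constructed group lists; "testuser" as primary group name is an assumption.
    for label, groups in [("local sudo -u testuser", {"testuser", "uw4"}),
                          ("session without uw4", {"testuser"})]:
        ok = may_create(PROJECT, "testuser", groups)
        print(label, "->", "write ok" if ok else "permission denied")
    print("new file group:", group_of_new_file(PROJECT, "testuser"))
```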