[Samba] Not using AD group when writing file

Carl Carpenter ccarpenter at hillcountry.org
Tue Dec 16 14:18:54 MST 2014 

On 16/12/14 20:47, Carl Carpenter wrote:

On 16/12/14 17:35, Carl Carpenter wrote:

Forgot to mention that the permissions are also incorrect.  They are
supposed to be 775 but come out as 744.

Carl Carpenter
Director, Information Services
Hill Country MHDD Centers
(830)258-5414 or ext. 2038


On 12/11/2014 4:13 PM, Carl Carpenter wrote:

Per your request

    [global]
          workgroup = HCCMHMRC
          realm = HILLCOUNTRY.LOCAL
          server string = Samba Server Version %v
          security = ADS
          log file = /var/log/samba/log.%m
          max log size = 50
          wins server = 192.168.0.7
          default service = global
          template homedir = /home/HCCMHMRC
          template shell = /bin/bash
          winbind enum users = Yes
          winbind enum groups = Yes
          winbind use default domain = Yes
          idmap config * : range = 16777216-33554431
          idmap config * : backend = tdb
          cups options = raw

[Intranet]
          path = /home/Intranet
          valid users = @intranet
          read only = No

Not sure what you mean by ACL on the folder but here's this:

drwxrwxr-x   6 apache intranet 4096 Dec 10 14:34 Intranet

Carl Carpenter
Director, Information Services
Hill Country MHDD Centers
(830)258-5414 or ext. 2038


On 12/11/2014 3:50 PM, Marc Muehlfeld wrote:

Hello Carl,

Am 11.12.2014 um 22:18 schrieb Carl Carpenter:

Trying to get Samba configured correctly.  Am using Active Directory for
authentication and that seems to be working correctly.  When creating a
Share, Security and Access Control list the AD users and groups.  If I take
my name out of the AD group, can't access the share.  Put my name in the
group and I can access it.  However, when I write a file to the folder,
while it shows my username, it shows domain users as the group instead of
the group name.  I had this working on Centos 6.6 and am using the same
instructions this time.  I'm sure I'm missing a setting somewhere but don't
know what.  Haven't been able to find anything on the web that addresses
it.  Any assistance will be appreciated.

Can you please show us your smb.conf [global] and the share config? And
also please the ACLs on this folder.


Regards,
Marc



Hi, Are you using sssd as well ? otherwise there doesn't seem to be
anything to get the user & group ID numbers.

Also, to get the ACL's run this command:

getfacl /home/Intranet

Rowland

=================================================
No, I'm not using sssd.  I used authconfig to set up the initial
authentication configuration.  Followed exactly the same steps I used for
Centos 6/Samba 3.x and it worked perfectly.

getfacl /home/Intranet
getfacl: Removing leading '/' from absolute path names
# file: home/Intranet
# owner: apache
# group: intranet
user::rwx
group::rwx
other::r-x



I think that you may be using sssd, but anyway, does 'getent <a domain
user>' show anything.

Rowland

=============================================
# getent apacheldap
Unknown database: apacheldap
Try `getent --help' or `getent --usage' for more information.



-- 

Carl Carpenter
Director, Information Services
Hill Country MHDD Centers
(830)258-5414 or ext. 2038

More information about the samba mailing list