[Samba] Can't get permission on a share to work problem with groups
Horace
mailinglist at lhplan.tk
Sun Feb 9 07:23:09 MST 2014
On 2014-02-09 09:10, Horace wrote:
> On 2014-02-09 07:08, Leander S. wrote:
>> Am 09.02.14 12:46, schrieb Horace:
>>> On 2014-02-09 06:39, Leander S. wrote:
>>>> Am 09.02.14 12:25, schrieb Horace:
>>>>> On 2014-02-09 06:11, Horace wrote:
>>>>>> On 2014-02-09 05:59, Leander S. wrote:
>>>>>>> Am 09.02.14 11:51, schrieb Horace:
>>>>>>>> On 2014-02-09 05:31, Leander S. wrote:
>>>>>>>>> Am 09.02.14 10:01, schrieb Horace:
>>>>>>>>>> I have also tried valid users = ACCOUNTSAD\"Domain Admins" but
>>>>>>>>>> I still get 'is none, expected a group'? What is the correct
>>>>>>>>>> syntax to providing groups in valid users field??
>>>>>>>>> I also wonder ;/
>>>>>>>>
>>>>>>>> I have already scoured the Internet and only found similar
>>>>>>>> questions without any defined solutions. So I wonder myself. :/
>>>>>>> That was one of my best research results, yet it didn't help.
>>>>>>> Goggle
>>>>>>> translate may help wit hlanguage compatibility ;)
>>>>>>>
>>>>>>> http://forge.univention.org/bugzilla/show_bug.cgi?id=29553
>>>>>>
>>>>>> Thanks but not to helpful, for whatever reason (that Google has
>>>>>> changed lately), I can't translate that page :/
>>>>>
>>>>> Although, the few English comments that I glance at that I could
>>>>> decipher, is to try with sid. Although this does work, what I can't
>>>>> I understand is what Group Names do not work ?
>>>>>
>>>>> [2014/02/09 06:17:22.927279, 3]
>>>>> ../libcli/security/dom_sid.c:209(dom_sid_parse_endp)
>>>>> string_to_sid: SID @Domain Admins is not in a valid format
>>>>
>>>>
>>>>
>>>> Well as funny as it may sound, BUT *drumroll*
>>>>
>>>> Following combination seems working just fine:
>>>>
>>>> write list = @Groupname
>>>> force user = Username
>>>>
>>>> So, Samba is ABLE to resolve my groupname - it's just not able with
>>>> the attribute *valid users* and *force group*. they seem broke?!
>>>
>>> I have been working on this for quite awhile now, should a bug report
>>> be reported? In any case, this would probably be a good reference in
>>> case anyone happens to run into this problem.
>> Thanks for offering. I would say so, since there is many people
>> affected. This is seriuosly affecting the quality of production
>> environments where share permissions are set based on group
>> memberships.
>>
>> Best regards
>> Leander S.
>
> No luck with write list = @Groupname, I have to assume it's probably
> because write list don't like group names with spaces. Neither of the
> below work:
>
> write list = @"ACCOUNTSAD\Domain Admins"
> write list = @ACCOUNTSAD\"Domain Admins"
> write list = @"Domain Admins"
>
> I am going to try:
>
> write list = @"\\ACCOUNTSAD\Domain Admins"
Interestingly, this share works as expected. Since I am in the 'Domain
Admins' group, I will create a plain user later and see if continue to
work as expected:
[Public Applications]
valid users = "\\ACCOUNTSAD\Domain Admins","\\ACCOUNTSAD\Domain Users"
comment = Publicly Shared Applications for Intranet Users
path = /srv/samba4/Public_Applications
write list = "\\ACCOUNTSAD\Domain Admins"
Maybe something wonky with '@groupname'? Don't know...
More information about the samba
mailing list