[Samba] Samba4 binding LDAP Server
Danilo Mussolini
danilo at mdotti.com
Mon Jun 2 06:57:56 MDT 2014
[root at Nemesis ~]# getfacl /u01/
getfacl: Removing leading '/' from absolute path names
# file: u01/
# owner: root
# group: o2pos
# flags: -s-
user::rwx
group::rwx
other::r-x
After setacl, looks like this:
[root at Nemesis ~]# getfacl /u01
getfacl: Removing leading '/' from absolute path names
# file: u01
# owner: root
# group: o2pos
# flags: -s-
user::rwx
group::rwx
group:o2pos:rw-
mask::rwx
other::r-x
Still not working. Maybe there is a bug in Samba4 when taking users and
groups from a LDAP database.
On Mon, Jun 2, 2014 at 8:57 AM, steve <steve at steve-ss.com> wrote:
> On Sun, 2014-06-01 at 22:28 -0300, Danilo Mussolini wrote:
> > Yes, maybe I'm wrong naming that.
> > As Rowland said it is a standalone server which authenticates users
> > from LDAP.
> >
> >
> > I have just noticed something in my tests with this file server. As
> > mentioned before, I have the following share:
> >
> >
> > [Test]
> > comment = test
> > path = /u01
> > read only = no
> >
> >
> >
> >
> > And /u01 folder has the following permissions:
> >
> >
> > drwxrwsr-x 5 root o2pos 4096 Jun 1 13:16 u01
> >
> What does:
> getfacl /u01
> look like?
>
> >
> >
> >
> >
> > I'm authenticating with the user mussolini (which is my name :)) from
> > the LDAP database:
> > [root at Nemesis ~]# id mussolini
> > uid=3001(mussolini) gid=3001(mussolini)
> > groups=3001(mussolini),3003(admins),3014(o2pos)
> >
> >
> >
> >
> > The authentication is done and the share Test is mounted successfully,
> > but even my user been a member of "o2pos" group, I can't write in
> > this folder. So, if I change the group owner of the u01 folder to
> > "admins" (which also has my user as member) I can write files and
> > folders normally in the Test share. Curious , isn't it ?
> >
> >
> > Just to remember, this only happens in Samba4.
> >
>
> try:
> setfacl -m -R g:o2pos:rw /u01
>
> HTH
> Steve
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list