[Samba] Samba4 binding LDAP Server
Rowland Penny
rowlandpenny at googlemail.com
Mon Jun 2 07:04:32 MDT 2014
On 02/06/14 13:57, Danilo Mussolini wrote:
> [root@Nemesis ~]# getfacl /u01/
> getfacl: Removing leading '/' from absolute path names
> # file: u01/
> # owner: root
> # group: o2pos
> # flags: -s-
> user::rwx
> group::rwx
> other::r-x
>
>
> After setfacl, it looks like this:
>
>
> [root@Nemesis ~]# getfacl /u01
> getfacl: Removing leading '/' from absolute path names
> # file: u01
> # owner: root
> # group: o2pos
> # flags: -s-
> user::rwx
> group::rwx
> group:o2pos:rw-
> mask::rwx
> other::r-x
>
>
> Still not working. Maybe there is a bug in Samba4 when taking users and
> groups from an LDAP database.
>
> On Mon, Jun 2, 2014 at 8:57 AM, steve <steve at steve-ss.com> wrote:
>
>> On Sun, 2014-06-01 at 22:28 -0300, Danilo Mussolini wrote:
>>> Yes, maybe I'm wrong naming that.
>>> As Rowland said it is a standalone server which authenticates users
>>> from LDAP.
>>>
>>>
>>> I have just noticed something in my tests with this file server. As
>>> mentioned before, I have the following share:
>>>
>>>
>>> [Test]
>>> comment = test
>>> path = /u01
>>> read only = no
>>>
>>>
>>>
>>>
>>> And /u01 folder has the following permissions:
>>>
>>>
>>> drwxrwsr-x 5 root o2pos 4096 Jun 1 13:16 u01
>>>
>> What does:
>> getfacl /u01
>> look like?
>>
>>>
>>>
>>>
>>> I'm authenticating with the user mussolini (which is my name :)) from
>>> the LDAP database:
>>> [root@Nemesis ~]# id mussolini
>>> uid=3001(mussolini) gid=3001(mussolini)
>>> groups=3001(mussolini),3003(admins),3014(o2pos)
>>>
>>>
>>>
>>>
>>> The authentication is done and the share Test is mounted successfully,
>>> but even with my user being a member of the "o2pos" group, I can't write in
>>> this folder. So, if I change the group owner of the u01 folder to
>>> "admins" (which also has my user as a member) I can write files and
>>> folders normally in the Test share. Curious, isn't it?
>>>
>>>
>>> Just to remember, this only happens in Samba4.
>>>
>> try:
>> setfacl -R -m g:o2pos:rw /u01
>>
>> HTH
>> Steve
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
As we have found out that this is a standalone server with users &
groups in LDAP and that users are connecting from other machines, can I
ask what might be a stupid question: are the LDAP users and groups also
local users & groups on the standalone server?
Rowland
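
Added example, not part of the original message and not Samba code: the POSIX ACL access check applied to the second getfacl output and the id output quoted in this thread, to show which ACL entry decides write access for a given set of resolved groups. The function names are hypothetical, and the check compares names where the kernel compares numeric IDs.

```python
import re
# Copied from the getfacl and id output quoted in the thread above.
GETFACL = """\
# file: u01
# owner: root
# group: o2pos
# flags: -s-
user::rwx
group::rwx
group:o2pos:rw-
mask::rwx
other::r-x
"""
ID_OUTPUT = "uid=3001(mussolini) gid=3001(mussolini) groups=3001(mussolini),3003(admins),3014(o2pos)"

def groups_from_id(line):
    return set(re.findall(r"\d+\(([^)]+)\)", line.split("groups=")[1]))

def parse_getfacl(text):
    """Return (owner, owning_group, [(tag, qualifier, perms)])."""
    owner = group = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            tag, qualifier, perms = line.split(":")[:3]
            perms = perms.split()[0]  # drop any "#effective:" comment
            entries.append((tag, qualifier, set(perms.replace("-", ""))))
    return owner, group, entries

def access(text, user, groups, want):
    """POSIX ACL check by name (simplification: the kernel compares IDs)."""
    owner, owning_group, entries = parse_getfacl(text)
    want = set(want)
    find = lambda tag, q="": [p for t, qq, p in entries if t == tag and qq == q]
    mask = (find("mask") or [set("rwx")])[0]
    if user == owner:
        return want <= find("user")[0], "owner"
    if find("user", user):
        return want <= (find("user", user)[0] & mask), "named user"
    # Group class: owning group and named groups the session belongs to.
    matched = [p for t, q, p in entries if t == "group" and (q or owning_group) in groups]
    if matched:
        return any(want <= (p & mask) for p in matched), "group"
    return want <= find("other")[0], "other"
```

`access(GETFACL, "mussolini", groups_from_id(ID_OUTPUT), "w")` returns `(True, "group")`. With a constructed group set that lacks o2pos, the same call falls through to `other::r-x` and returns `(False, "other")`.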