[Samba] Samba4 binding LDAP Server

Rowland Penny rowlandpenny at googlemail.com
Mon Jun 2 08:36:46 MDT 2014


On 02/06/14 15:22, Danilo Mussolini wrote:
>
> No, for sure they aren't. This user and groups only exist in the LDAP 
> database.
>

Then this could well be your problem. It has been some time since I 
worked with a samba3 server (and this is what you have, even if you are 
using Samba4) and I seem to remember that all LDAP users also had to be 
Unix users. Without LDAP users also being Unix users, the underlying 
Unix system did not know who the LDAP users & groups were.

Rowland

> Danilo Mussolini
> danilo at mdotti.com
>
> On Jun 2, 2014 10:04 AM, "Rowland Penny" <rowlandpenny at googlemail.com> wrote:
>
>     On 02/06/14 13:57, Danilo Mussolini wrote:
>
>         [root at Nemesis ~]# getfacl /u01/
>         getfacl: Removing leading '/' from absolute path names
>         # file: u01/
>         # owner: root
>         # group: o2pos
>         # flags: -s-
>         user::rwx
>         group::rwx
>         other::r-x
>
>
>         After setacl, looks like this:
>
>
>         [root at Nemesis ~]# getfacl /u01
>         getfacl: Removing leading '/' from absolute path names
>         # file: u01
>         # owner: root
>         # group: o2pos
>         # flags: -s-
>         user::rwx
>         group::rwx
>         group:o2pos:rw-
>         mask::rwx
>         other::r-x
>
>
>         Still not working. Maybe there is a bug in Samba4 when taking
>         users and
>         groups from a LDAP database.
>
>         On Mon, Jun 2, 2014 at 8:57 AM, steve <steve at steve-ss.com> wrote:
>
>             On Sun, 2014-06-01 at 22:28 -0300, Danilo Mussolini wrote:
>
>                 Yes, maybe I'm wrong naming that.
>                 As Rowland said it is a standalone server which
>                 authenticates users
>                 from LDAP.
>
>
>                 I have just noticed something in my tests with this
>                 file server. As
>                 mentioned before, I have the following share:
>
>
>                 [Test]
>                 comment = test
>                 path = /u01
>                 read only = no
>
>
>
>
>                 And /u01 folder has the following permissions:
>
>
>                 drwxrwsr-x    5   root    o2pos  4096 Jun  1 13:16 u01
>
>             What does:
>             getfacl /u01
>             look like?
>
>
>
>
>                   I'm authenticating with the user mussolini (which is
>                 my name :)) from
>                 the LDAP database:
>                 [root at Nemesis ~]# id mussolini
>                 uid=3001(mussolini) gid=3001(mussolini)
>                 groups=3001(mussolini),3003(admins),3014(o2pos)
>
>
>
>
>                 The authentication is done and the share Test is
>                 mounted successfully,
>                 but even with my user being a member of the "o2pos" group, I
>                 can't write in
>                 this folder. So, if I change the group owner of the
>                 u01 folder to
>                 "admins" (which also has my user as member) I can
>                 write files and
>                 folders normally in the Test share. Curious, isn't it?
>
>
>                 Just to remember, this only happens in Samba4.
>
>             try:
>             setfacl -R -m g:o2pos:rw /u01
>
>             HTH
>             Steve
>
>
>             --
>             To unsubscribe from this list go to the following URL and
>             read the
>             instructions: https://lists.samba.org/mailman/options/samba
>
>     As we have found out that this is a standalone server with users &
>     groups in LDAP and that users are connecting from other machines,
>     can I ask what might be a stupid question, are the LDAP users and
>     groups also local users & groups on the standalone server ?
>
>     Rowland
>
>


