[Samba] Samba4 binding LDAP Server
Danilo Mussolini
danilo at mdotti.com
Mon Jun 2 09:09:33 MDT 2014
Yes, the users in LDAP have the POSIX entry set. That's why I can see them
running the id command.
On Mon, Jun 2, 2014 at 11:36 AM, Rowland Penny <rowlandpenny at googlemail.com>
wrote:
> On 02/06/14 15:22, Danilo Mussolini wrote:
>
>>
>> No, for sure they aren't. This user and groups only exist in the LDAP
>> database.
>>
>>
> Then this could well be your problem. It has been some time since I worked
> with a samba3 server (and this is what you have, even if you are using
> Samba4) and I seem to remember that all LDAP users also had to be Unix
> users. Without LDAP users also being Unix users, the underlying Unix system
> did not know who the LDAP users & groups were.
>
> Rowland
>
> Danilo Mussolini
>> danilo at mdotti.com <mailto:danilo at mdotti.com>
>>
>>
>> On Jun 2, 2014 10:04 AM, "Rowland Penny" <rowlandpenny at googlemail.com
>> <mailto:rowlandpenny at googlemail.com>> wrote:
>>
>> On 02/06/14 13:57, Danilo Mussolini wrote:
>>
>> [root@Nemesis ~]# getfacl /u01/
>> getfacl: Removing leading '/' from absolute path names
>> # file: u01/
>> # owner: root
>> # group: o2pos
>> # flags: -s-
>> user::rwx
>> group::rwx
>> other::r-x
>>
>>
>> After setacl, looks like this:
>>
>>
>> [root@Nemesis ~]# getfacl /u01
>> getfacl: Removing leading '/' from absolute path names
>> # file: u01
>> # owner: root
>> # group: o2pos
>> # flags: -s-
>> user::rwx
>> group::rwx
>> group:o2pos:rw-
>> mask::rwx
>> other::r-x
>>
>>
>> Still not working. Maybe there is a bug in Samba4 when taking users and
>> groups from a LDAP database.
>>
>> On Mon, Jun 2, 2014 at 8:57 AM, steve <steve at steve-ss.com
>> <mailto:steve at steve-ss.com>> wrote:
>>
>> On Sun, 2014-06-01 at 22:28 -0300, Danilo Mussolini wrote:
>>
>> Yes, maybe I'm wrong naming that.
>> As Rowland said it is a standalone server which authenticates users
>> from LDAP.
>>
>>
>> I have just noticed something in my tests with this file server. As
>> mentioned before, I have the following share:
>>
>>
>> [Test]
>> comment = test
>> path = /u01
>> read only = no
>>
>>
>>
>>
>> And /u01 folder has the following permissions:
>>
>>
>> drwxrwsr-x 5 root o2pos 4096 Jun 1 13:16 u01
>>
>> What does:
>> getfacl /u01
>> look like?
>>
>>
>>
>>
>> I'm authenticating with the user mussolini (which is my name :)) from
>> the LDAP database:
>> [root@Nemesis ~]# id mussolini
>> uid=3001(mussolini) gid=3001(mussolini)
>> groups=3001(mussolini),3003(admins),3014(o2pos)
>>
>>
>>
>>
>> The authentication is done and the share Test is mounted successfully,
>> but even my user being a member of "o2pos" group, I can't write in
>> this folder. So, if I change the group owner of the u01 folder to
>> "admins" (which also has my user as member) I can write files and
>> folders normally in the Test share. Curious, isn't it?
>>
>>
>> Just to remember, this only happens in Samba4.
>>
>> try:
>> setfacl -R -m g:o2pos:rw /u01
>>
>> HTH
>> Steve
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and
>> read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>> As we have found out that this is a standalone server with users &
>> groups in LDAP and that users are connecting from other machines,
>> can I ask what might be a stupid question, are the LDAP users and
>> groups also local users & groups on the standalone server?
>>
>> Rowland