[Samba] Force set group id on samba domain member
Rowland Penny
rpenny at samba.org
Tue Jul 24 13:12:52 UTC 2018
On Tue, 24 Jul 2018 14:38:31 +0200
Michal via samba <samba at lists.samba.org> wrote:
> Samba DM config below.
> Directories with setgid:
>
> $ll /home4/group
> total 32
> drwxrws--- 7 NIS\nisadmin NIS\audio 4096 Jul 24 14:14 audio
> drwxrwx--- 2 NIS\nisadmin NIS\dok-sprava 4096 Jul 21 09:23 dok-sprava
> drwxrwx--- 2 NIS\nisadmin NIS\poj 4096 Jul 23 08:38 poj
> drwxrwx--- 2 NIS\nisadmin NIS\projekty 4096 Jul 23 09:14 projekty
>
> When user creates file/dir directly on linux, the files has correct
> group:
>
> $ mkdir /home4/group/audio/test1dir
> $ touch /home4/group/audio/test1file
> $ ll /home4/group/audio
> total 4
> drwxr-sr-x 2 NIS\test1 NIS\audio 4096 Jul 24 08:15 test1dir
> -rw-r--r-- 1 NIS\test1 NIS\audio 0 Jul 24 08:16 test1file
>
> But when the same user creates files when logged into windows:
>
> windows:
> T:\audio>mkdir test1dir2
> T:\audio>echo test > test1file2
>
> linux:
>
> $ll /home4/group/audio
> total 40
> drwxr-sr-x 2 NIS\test1 NIS\audio 4096 Jul 24 08:15 test1dir
> drwxrwsr-x+ 2 NIS\test1 NIS\domain users 4096 Jul 24 12:35
> test1dir2 -rw-r--r-- 1 NIS\test1 NIS\audio 0 Jul 24
> 08:16 test1file -rwxrwxr-x+ 1 NIS\test1 NIS\domain users 7 Jul
> 24 12:35 test1file2
>
> there is "NIS\\domain users" group instead of expected and needed
> "NIS\\audio" group.
This is to be expected with your smb.conf
>
> Where can be the problem?
>
> Thanks, Michal
>
> smb.conf on samba4 DM:
> [global]
> security = ADS
> workgroup = NIS
> realm = uhn.nemuh.cz
> winbind offline logon = yes
> winbind enum users = yes
> winbind enum groups = yes
> ..
> log file = /var/log/samba/%m.log
> log level = 1
>
> idmap config * : backend = tdb
> idmap config * : range = 10000-19999
> idmap config ad
>
> # idmap config for the NIS domain
> idmap config NIS:backend = ad
> idmap config NIS:schema_mode = rfc2307
> idmap config NIS:range = 100-9999
> idmap config NIS:unix_nss_info = yes
try adding:
idmap config NIS:unix_primary_group = yes
Rowland
More information about the samba
mailing list