[Samba] Force set group id on samba domain member
Michal
Michal67M at seznam.cz
Tue Jul 24 13:57:46 UTC 2018
For being honest, in my previous tests this user's (user test1) new files
was created with NIS\audio group as extected; but other user's files (user
amistest) was created with "NIS\domain users" group (in the same "audio"
directory). This lasted a few days.
It looked like
drwxr-sr-x 2 NIS\amistest NIS\audio 4096 Jul 24 08:17 amistestdir
drwxrwsr-x+ 2 NIS\amistest NIS\domain users 4096 Jul 24 11:48
amistestdir2 -> why NOT NIS\audio group?
-rw-r--r-- 1 NIS\amistest NIS\audio 0 Jul 24 08:17 amistestfile
-rwxrwxr-x+ 1 NIS\amistest NIS\domain users 7 Jul 24 11:49
amistestfile2 -> why NOT NIS\audio group?
drwxr-sr-x 2 NIS\test1 NIS\audio 4096 Jul 24 08:15 test1dir
-rw-r--r-- 1 NIS\test1 NIS\audio 0 Jul 24 08:16 test1file
But during writing my initial post about this topic, files of both these
users started to have "NIS\domain users" group. I am not aware of change
which could be the reason.
Michal
2018-07-24 15:12 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:
> On Tue, 24 Jul 2018 14:38:31 +0200
> Michal via samba <samba at lists.samba.org> wrote:
>
> > Samba DM config below.
> > Directories with setgid:
> >
> > $ll /home4/group
> > total 32
> > drwxrws--- 7 NIS\nisadmin NIS\audio 4096 Jul 24 14:14 audio
> > drwxrwx--- 2 NIS\nisadmin NIS\dok-sprava 4096 Jul 21 09:23 dok-sprava
> > drwxrwx--- 2 NIS\nisadmin NIS\poj 4096 Jul 23 08:38 poj
> > drwxrwx--- 2 NIS\nisadmin NIS\projekty 4096 Jul 23 09:14 projekty
> >
> > When user creates file/dir directly on linux, the files has correct
> > group:
> >
> > $ mkdir /home4/group/audio/test1dir
> > $ touch /home4/group/audio/test1file
> > $ ll /home4/group/audio
> > total 4
> > drwxr-sr-x 2 NIS\test1 NIS\audio 4096 Jul 24 08:15 test1dir
> > -rw-r--r-- 1 NIS\test1 NIS\audio 0 Jul 24 08:16 test1file
> >
> > But when the same user creates files when logged into windows:
> >
> > windows:
> > T:\audio>mkdir test1dir2
> > T:\audio>echo test > test1file2
> >
> > linux:
> >
> > $ll /home4/group/audio
> > total 40
> > drwxr-sr-x 2 NIS\test1 NIS\audio 4096 Jul 24 08:15 test1dir
> > drwxrwsr-x+ 2 NIS\test1 NIS\domain users 4096 Jul 24 12:35
> > test1dir2 -rw-r--r-- 1 NIS\test1 NIS\audio 0 Jul 24
> > 08:16 test1file -rwxrwxr-x+ 1 NIS\test1 NIS\domain users 7 Jul
> > 24 12:35 test1file2
> >
> > there is "NIS\\domain users" group instead of expected and needed
> > "NIS\\audio" group.
>
> This is to be expected with your smb.conf
>
> >
> > Where can be the problem?
> >
> > Thanks, Michal
> >
> > smb.conf on samba4 DM:
> > [global]
> > security = ADS
> > workgroup = NIS
> > realm = uhn.nemuh.cz
> > winbind offline logon = yes
> > winbind enum users = yes
> > winbind enum groups = yes
> > ..
> > log file = /var/log/samba/%m.log
> > log level = 1
> >
> > idmap config * : backend = tdb
> > idmap config * : range = 10000-19999
> > idmap config ad
> >
> > # idmap config for the NIS domain
> > idmap config NIS:backend = ad
> > idmap config NIS:schema_mode = rfc2307
> > idmap config NIS:range = 100-9999
> > idmap config NIS:unix_nss_info = yes
>
> try adding:
>
> idmap config NIS:unix_primary_group = yes
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list