[Samba] Shares stopped working for groups

Nick Howitt nick at howitts.co.uk
Mon Jul 20 09:37:07 UTC 2020 

Bump, please.

On 18/07/2020 08:41, Nick Howitt via samba wrote:
>
> I messed up on my reply yesterday.
>
> On 17/07/2020 21:05, Rowland penny via samba wrote:
>>
>> On 17/07/2020 19:57, Nick Howitt via samba wrote:
>>> Hi,
>>> I have a ClearOS 7.8 system which is running 
>>> samba-4.10.4-11.el7_8.x86_64, and it upgraded to this just over a 
>>> week ago (probably not relevant). A couple of days ago all the group 
>>> shares failed. I discovered that if I switched them to the built-in 
>>> group "allusers" the share worked fine. It fails for any 
>>> user-defined group but it used to work. Samba is running as a PDC 
>>> and the configs, including one share are:
>>>
>>> If I change the valid users to the "allusers" group and change the 
>>> folder permissions, it works fine.
>>>
>>>
>>>
>>>    [root at server ~]# wbinfo --group-info='allusers'
>>>    allusers:x:63000:
>>
>> Interesting, you have: idmap config * : range = 20000000-29999999
>>
>> So where is '63000' coming from ?
>>
> No idea. This is how the O/S is provided and it was probably designed 
> when John Terpestra was helping out.
>>>
>>>    Jul 16 04:34:28 server winbindd[21471]: [2020/07/16
>>>    04:34:28.069299,  0]
>>>    ../../source3/winbindd/idmap_ldap.c:85(get_credentials)
>>>    Jul 16 04:34:28 server winbindd[21471]:  get_credentials: Unable to
>>>    fetch auth credentials for cn=manager,ou=Internal,dc=sha,dc=lan in *
>>>
>>>
>>> I have tried clearing the winbindd_cache.tdb and gencache.tdb but am 
>>> wary of clearing anything else without instruction.
>>
>> Have you run these commands :
>>
>> smbpasswd -w <ldap password>
>> net idmap set secret '*' <ldap password>
> Yes and it does not make any difference. How do I proceed with debugging?
>>
>> ClearOS is in for an interesting time when they upgrade to version 8, 
>> no Openldap or smbldap-tools, or to put it another way, can I suggest 
>> you jump distro and upgrade to AD.
>>
> The dev's are aware and I am not sure which way they will take the 
> product. Personally I really want to have AD DC compatibility and 
> think it would be good for business, but it may be onerous for small 
> installations and non-Windows environments.
>
> Nick
>
>
>
>

More information about the samba mailing list