[Samba] Group membership not resolved on file server (winbind+kerberos+nfs4)
Andreas Hauffe
andreas.hauffe at tu-dresden.de
Wed Jan 20 18:20:03 UTC 2021
Am 20.01.21 um 17:46 schrieb Rowland penny via samba:
> On 20/01/2021 15:59, Andreas Hauffe wrote:
>>>
>>> Has the user logged in ?
>> Yes and no. The user has logged in on the client and tries to access
>> the NFS-share, but he has not logged in on the server.
> I take it that you mean the user has logged into a Unix client and is
> trying to access a share on another Samba server, if so, then the user
> is getting authenticated on the other Samba server, or to put it
> another way, the user is logged in on the other server.
>>>
>>> The group memberships didn't use to expand from trusted domains, but
>>> from my understanding, this was supposed to have been fixed from
>>> 4.9.0, see:
>>>
>>> https://bugzilla.samba.org/show_bug.cgi?id=13300
>> In case of a smb-share accessed from windows everthing works fine.
>
> It is possible the bug wasn't fixed 😕
Here is the point where I don't know, if it is a samba or an NFS problem
or both. I tried "smbclient -k -L //ilrfs1/" from the Linux client and
everything works fine. After the call, the fileserver has the correct
groups from both domains in samLogon. But it is not working, when using
NFSv4.
At least this is a workaround. The user have to login on the Linux
client and call "smbclient -k -L //ilrfs1/". Then the samLogon entry on
the file server is correct and I have to clear the wrong cache on the
file server with "date -d tomorrow +%s >
/proc/net/rpc/auth.unix.gid/flush". Afterwards the user can access all
accessible directories.
Regards,
Andreas
More information about the samba
mailing list