[Samba] Samba not get updated list of user group membership
Rowland Penny
rpenny at samba.org
Thu Jan 4 11:13:53 UTC 2024
On Thu, 4 Jan 2024 11:23:50 +0100
Tobias Hachmer via samba <samba at lists.samba.org> wrote:
> Hello and a Happy New Year to all,
>
> we have a Samba 3-Node CTDB Cluster running Standalone Samba with
> LDAP Backend.
>
> Samba Version: 99:4.18.9-9debian11
> OS: Debian 11
>
> Since a quite of time samba doesn't get the updated group list for a
> user. We add a user to an existing LDAP Group to grant access to an
> existing share. The passwd database gets updated via nslcd, but samba
> doesn't show all groups. Here's an example:
>
> Samba Log when the new user added to the group want to access the
> share: ---
> Jan 04 11:09:12 smb-002 smbd[1269695]: [2024/01/04 11:09:12.924665,
> 0] ../../source3/smbd/smb2_service.c:117(chdir_current_service)
> Jan 04 11:09:12 smb-002 smbd[1269695]: chdir_current_service:
> vfs_ChDir(/srv/samba/shares/EXAMPLE_SHARE) failed: Permission denied.
> Current token: uid=38923, gid=20000, 12 groups: 2086 2235 2241 2289
> 2332 2552 5505 5585 5619 5625 27 2117
> ---
>
> If I run id with the uid number I get all groups, which are more than
> samba shows in the log:
> ---
> ~# id 38923
> uid=38923(xxx) gid=20000(xxx)
> groups=27(xxx),2086(xxx),2117(xxx),2235(xxx),2241(xxx),2289(xxx),2332(xxx),2552(xxx),5505(xxx),5585(xxx),5587(xxx),5619(xxx),5625(xxx),20000(xxx)
> ---
>
> The group id in question is "5587", which is shown by id but not in
> the samba log.
>
> Our configuration is here: https://pastebin.com/NUQHLqrT
>
> I have invalidated the nscd group table, restarted the CTDB Cluster,
> restarted nslcd ...
>
> Any help really appreciated.
>
> Thanks and regards
> Tobias
Not an expert on CTDB by any means, but running Samba in the way you
are is the next thing to running an NT4-style domain and will probably
require SMBv1, which is turned off by default. You may also need to run
winbind to get group membership.
Rowland
More information about the samba
mailing list