[Samba] After upgrade from Debian Bookworm to Trixie we get access denied for group users
Wim De Geeter
wim.de-geeter at uni-graz.at
Mon Nov 24 12:18:20 UTC 2025
Thanks for your time!
I had the same tought, I tested it already before with
idmap config * : range = 20000-40000
Even when I comment it out it did not work
On 11/24/25 11:45, Rowland Penny wrote:
> On Sun, 23 Nov 2025 15:37:26 +0100
> Wim De Geeter <wim.de-geeter at uni-graz.at> wrote:
>
>> In the logs we see that the user1 (belongs to group1 and group2) are
>> found
>>
>>
>> /[2025/11/23 15:20:55.651217, 2]
>> source3/passdb/pdb_ldap.c:2415(init_group_from_ldap)
>> init_group_from_ldap: Entry found for group: 20000
>> [2025/11/23 15:20:55.653778, 2]
> I had another look at this and if you read the code around line 2415 in
> source3/passdb/pdb_ldap.c you find this:
>
> temp = smbldap_talloc_single_attribute(
> smbldap_get_ldap(ldap_state->smbldap_state),
> entry,
> get_attr_key2string(groupmap_attr_list,
> LDAP_ATTR_GIDNUMBER),
> ctx);
> if (!temp) {
> DEBUG(0, ("init_group_from_ldap: Mandatory attribute %s not found\n",
> get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GIDNUMBER)));
> TALLOC_FREE(ctx);
> return false;
> }
> DEBUG(2, ("init_group_from_ldap: Entry found for group: %s\n", temp));
>
> Which from my understanding means, find a gidNumber, which it is doing,
> it is returning '20000'.
>
> You also have this line in your smb.conf:
>
> idmap config * : range = 30000-40000
>
> '20000' is less than '30000'
>
> I think Samba is ignoring your groups.
>
> Rowland
>
>
>
More information about the samba
mailing list