Hello All,

Wanted to update you all that this issue is resolved.
This is my working configuration.

[global]
        workgroup = WORKGROUPNAME
        netbios name = servername
        encrypt passwords = yes
        password server = *
        passdb backend = ldapsam:"ldaps://x.y.z"
        log level = 9
        syslog = 0
        name resolve order = wins bcast hosts
        ldap suffix = o=x,c=y
        ldap machine suffix = ou=xx
        ldap group suffix = ou=yy
        ldap user suffix = ou=xx
        ldap idmap suffix = ou=nn
        ldap admin dn = cn=Manager,o=x,c=y
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind use default domain = yes
        winbind cache time = 5
        printing = cups
        printcap name = cups
        printcap cache time = 750
        cups options = raw
        map to guest = Bad User
        security = user
[JIAGEN]
        comment = JIAGEN project share
        path = /export/WTCCC
        valid users = @WTCCC
        write list = +WTCCC
        read only = No
        inherit acls = Yes
        force group = +WTCCC
        writable = yes
        create mask = 0660
        directory mask = 0770

I had some issue with server-side caching, which got resolved once I stopped nscd on the server.

Now everything is peachy!!!

Thanks,
Prakash

On Nov 14, 2007, at 10:13 AM, Dale Schroeder wrote:

Are there any errors in the logs? If not, try increasing your log level to 10. What does the global section of your smb.conf look like, and which version of Samba are you running? If it is an openldap problem, maybe one of the ldap experts (which I am not) could spot it.

Dale

Prakash Velayutham wrote:

To add more info, I am seeing the following in the logs. So I am guessing authentication is working fine. It is something with regard to the group membership that is not.

[2007/11/14 09:41:06, 5] auth/auth.c:check_ntlm_password(296)
  check_ntlm_password:  PAM Account for user [prakash] succeeded
[2007/11/14 09:41:06, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password: authentication for user [prakash] -> [prakash] -> [prakash] succeeded

Thanks,
Prakash


Prakash Velayutham wrote:

Hi Dale,

Thanks for the response. I changed my share configuration as below. But now I cannot authenticate.

[JIAGEN1]
 comment = JIAGEN project share
 path = /export/newWTCCC
 valid users = +WTCCC
 write list = +WTCCC
 read only = No
 inherit acls = Yes
 force group = +WTCCC
 writable = yes
 create mask = 0660
 directory mask = 0770

Any ideas why?

I checked that the user is a part of the group (though not primary).

bmifsrd2:~ # groups prakash
prakash : users torque-users calendar-users irc-users WTCCC plone-managers plone-members fmadmin fmuser

Thanks,
Prakash

On Nov 14, 2007, at 8:57 AM, Dale Schroeder wrote:

Prakash,

You have inadvertently combined two parameters. There is no "valid write list" parameter.
You should use
    write list = +WTCCC
    valid users = +WTCCC

It should work after correcting the parameter.

Good luck,
Dale

Prakash Velayutham wrote:

Hello,

I have a Samba PDC (3.x) running on an OpenSUSE 10.2 system. The authentication backend is OpenLDAP.

I want to create a group share (WTCCC) which should be accessible to a group of users (belonging to a group called WTCCC). The users possess this group as their secondary group (NOT primary).

And the share folder would have its gid bit set, so all the writes to the folder would be accessible further by only people belonging to WTCCC. Also I want a default umask of 770 for the shared folder too.

Could someone suggest a share configuration that can do these?

Currently, I have

[JIAGEN1]
    comment = JIAGEN project share
    path = /export/newWTCCC
    valid write list = +WTCCC
#    acl check permissions = true
#    acl group control = yes
    browseable = Yes
#    read only = No
    inherit acls = Yes
    force group = +WTCCC
    writable = yes
    create mask = 0660
    directory mask = 0770

But as soon as I change the ownership of /export/newWTCCC to root:WTCCC, the users are not able to access the share. But if I have the force group enabled, everyone is able to access the share (as it forces everyone to belong to the group, which should not be the case).

Thanks,
Prakash
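
The mistake Dale points out in this thread (a merged "valid write list" line, which leaves the share with force group but no valid users) can be caught mechanically. The following is an added example, not part of the original messages: the function names and the short KNOWN parameter list are assumptions made for illustration, and testparm remains the authoritative check.

```python
import re

def norm(name):
    """Compare parameter names ignoring case and whitespace."""
    return re.sub(r"\s+", "", name).lower()

# Assumption: only the share parameters seen in this thread plus a few related
# ones, not Samba's full list. Extend it before using this on other configs.
KNOWN = {norm(p) for p in (
    "comment", "path", "browseable", "read only", "writable", "valid users",
    "invalid users", "write list", "read list", "force group", "inherit acls",
    "create mask", "directory mask")}
SPECIAL = {"global", "printers", "print$"}  # not ordinary file shares

def parse(text):
    """Return {section: {normalized_param: (name_as_written, value)}}."""
    shares, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            cur = shares.setdefault(m.group(1).strip(), {})
        elif cur is not None and "=" in line:
            key, value = line.split("=", 1)
            cur[norm(key)] = (key.strip(), value.strip())
    return shares

def audit(text):
    """Return (share, problem, detail) tuples for ordinary share sections."""
    findings = []
    for share, params in parse(text).items():
        if share.lower() in SPECIAL:
            continue
        findings += [(share, "unknown parameter", written)
                     for key, (written, _) in params.items() if key not in KNOWN]
        forced = params.get(norm("force group"))
        if forced and norm("valid users") not in params:
            findings.append((share, "force group without valid users", forced[1]))
    return findings

# Constructed from the two [JIAGEN1] sections quoted in the thread.
BEFORE = """[JIAGEN1]
    path = /export/newWTCCC
    valid write list = +WTCCC
    force group = +WTCCC
"""
AFTER = BEFORE.replace("valid write list = +WTCCC",
                       "write list = +WTCCC\n    valid users = +WTCCC")
```

Calling audit(BEFORE) reports both the unrecognized "valid write list" line and the unrestricted force group; audit(AFTER) returns an empty list.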

