Your message dated Sun, 8 May 2011 22:46:54 +0200
with message-id <[email protected]>
and subject line Re: Bug#535910: This bug still here?
has caused the Debian Bug report #535910,
regarding samba: Samba not checking /etc/group for secondary groups when
determining filesystem access
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
535910: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535910
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: samba
Version: 2:3.2.5-4lenny6
Severity: important
When upgrading from Etch samba stopped checking secondary groups in /etc/group
for filesystem
permissions when determining filesystem access. We use winbind and
authentication is working
correctly. If the group onwership is changed to the primary group (from
/etc/passwd),
the file is owned by the user or everyone has rights access is granted as per
the unix
permissions. Group and User enumeration is shown to be working (turning up
debug and checking
the logs shows it enumerated to the UID and GID for that user from
/etc/passwd). getent
groups shows the normal (full) group listing as it should.
A few other things I should note:
SELINUX is turned off completely.
Permissions on /etc/passwd and /etc/group are both 644
This exact config was working on Etch with the standard samba packages and
winbind (no
configuration changes were made on upgrade until after problems were seen).
I tried setting the following in /etc/samba/smb.cnf (all to no effect):
unix extensions = no
auth methods = winbind
nt acl support = yes
-- System Information:
Debian Release: 5.0.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages samba depends on:
ii adduser 3.110 add and remove users and groups
ii debconf [debcon 1.5.24 Debian configuration management sy
ii libacl1 2.2.47-2 Access control list shared library
ii libattr1 1:2.4.43-2 Extended attribute shared library
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libcomerr2 1.41.3-1 common error description library
ii libcups2 1.3.8-1+lenny6 Common UNIX Printing System(tm) -
ii libgnutls26 2.4.2-6+lenny1 the GNU TLS library - runtime libr
ii libkrb53 1.6.dfsg.4~beta1-5lenny1 MIT Kerberos runtime libraries
ii libldap-2.4-2 2.4.11-1 OpenLDAP libraries
ii libpam-modules 1.0.1-5+lenny1 Pluggable Authentication Modules f
ii libpam-runtime 1.0.1-5+lenny1 Runtime support for the PAM librar
ii libpam0g 1.0.1-5+lenny1 Pluggable Authentication Modules l
ii libpopt0 1.14-4 lib for parsing cmdline parameters
ii libtalloc1 1.2.0~git20080616-1 hierarchical pool based memory all
ii libwbclient0 2:3.2.5-4lenny6 client library for interfacing wit
ii logrotate 3.7.1-5 Log rotation utility
ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip
ii procps 1:3.2.7-11 /proc file system utilities
ii samba-common 2:3.2.5-4lenny6 Samba common files used by both th
ii update-inetd 4.31 inetd configuration file updater
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
samba recommends no packages.
Versions of packages samba suggests:
pn ldb-tools <none> (no description available)
ii openbsd-inetd [inet-superse 0.20080125-2 The OpenBSD Internet Superserver
ii smbldap-tools 0.9.4-1 Scripts to manage Unix and Samba a
-- debconf information:
samba/run_mode: daemons
samba/generate_smbpasswd: false
ii libwbclient0 2:3.2.5-4lenny6 client
library for
interfacing with winbind
ii winbind 2:3.2.5-4lenny6 service
to resolve user
and group informatio
cat /etc/samba/smb.conf (with comments clipped):
[global]
unix extensions = no
workgroup = Palantir
server string = vash server (Samba %v)
wins support = no
wins server = 192.168.28.4
dns proxy = no
name resolve order = lmhosts host wins bcast
netbios name = Vash
interfaces = 192.168.28.2/24
hosts allow = 192.168.28. 127.
log file = /var/log/samba/log.%m
max log size = 50
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = ads
realm = ad.palantir.net
password server = knives.palantir.net
winbind use default domain = yes
encrypt passwords = true
username map = /etc/samba/smbusers
domain logons = no
logon script = %U.bat
load printers = no
socket options = TCP_NODELAY
remote browse sync = 192.168.28.255
remote announce = 192.168.28.255
local master = no
os level = 33
domain master = no
preferred master = no
template shell = /bin/bash
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind enum users = yes
winbind enum groups = yes
[homes]
comment = Home Directories
browseable = no
writable = yes
[archives]
comment = Archived projects
path = /vash/archives
browseable = yes
guest ok = no
writable = yes
create mask = 0660
directory mask = 2770
force create mode = 0660
force directory mode = 2770
[business]
comment = Palantir business directory
path = /vash/business
browseable = yes
guest ok = no
writable = yes
create mask = 0660
directory mask = 2770
force create mode = 0660
force directory mode = 2770
[palantir]
comment = Palantir projects directory
path = /vash/palantir
browseable = yes
guest ok = no
writable = yes
create mask = 0660
directory mask = 2770
force create mode = 0660
force directory mode = 2770
[software]
comment = software packages
path = /vash/software
browseable = yes
guest ok = yes
writable = yes
create mask = 0664
directory mask = 2775
force create mode = 0664
force directory mode = 2775
Any help is appreciated. Thanks,
--- End Message ---
--- Begin Message ---
Quoting Trev Peterson ([email protected]):
> Hello,
>
> The problem was never resolved and due to this problem and other factors
> we've moved away from Samba. Thanks for the suggestions. Feel free to
> go ahead and close it out.
Thanks for your answer. This is unfortunately typical of a problem
that nearly certainly nobody will have the setup to reproduce...or
check that it disappeared.
Given that the bug submitter can't reproduce the bug himself (because
of having moved to another setup), I think there is nopoint in keeping
that bug opened.
signature.asc
Description: Digital signature
--- End Message ---
