On 12-03-03 5:56 AM, "Christian Horn" <ch...@fluxcoil.net> wrote:

> Hi,
> On Wed, Feb 29, 2012 at 11:24:25AM -0500, Kelvin Edmison wrote:
>>  I am running into an issue where users cannot access a samba volume if
>> their only access is via a secondary group.  For example, if testuser's
>> primary group is ipausers, and secondary groups include testgroup, and the
>> samba mount permissions are adminuser:testgroup:rwxrwx---, then testuser
>> cannot read or write to the samba mount.  If the testuser is change so that
>> its primary group is testgroup, then testuser can access the volume.
>> In this case, samba is running on a separate CentOS 5 server, configured to
>> access IPA via LDAP.  It is a requirement that I support
>> userid/password-based access to the samba server, as I cannot roll all my
>> users onto kerberos right away.
>> Doe anyone have any insight as to what is going on and how it can be fixed?
> I did see something similiar recently, the ldapsam backend in samba was
> used.
> You might want to try out 'ldapsam:trusted = no' in smb.conf .

That was it exactly.  Many thanks for the pointer!


Freeipa-users mailing list

Reply via email to