On 02/06/2012 07:19 AM, Gémes Géza wrote:
2012-02-06 01:27 keltezéssel, steve írta:
Hi
I've created a Samba 4 group called suseusers and mixed in posixGroup
and gidNumber using samba-tool group add as a basis.
It works, e.g. when I added an existing user to the group:
getent group suseusers
suseusers:*:2000:
and
getent passwd steve4
steve4:x:3000019:2000:steve4:/home/CACTUS/steve4:/bin/bash
and
id
uid=3000019(steve4) gid=2000(suseusers) groups=2000(suseusers)
but there seems to be something wrong with getent group. A local group
gives this:
getent group users
users:x:100:machine
x not *
This happens both on the Samba 4 machine and a client with his /home
directory on nfs4. The uid:gid mappings and permissions are perfect at
both ends:) But what is the difference between the group info coming
from Samba 4 and the group info coming from /etc/group? I'm sure that
this is an error on my part, but I can't force it into failing no
matter what I throw at it.
Thanks,
Steve
For an answer we would need some configuration details, first of all
nsswitch.conf, then depending on that maybe other files
Regards
Geza
Hi
/etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns
networks: files dns
services: files
protocols: files
rpc: files
ethers: files
netmasks: files
Ah, maybe this has something to do with it. For the user ldapmodify I
have:
dn: cn=steve4,cn=Users,dc=hh3,dc=site
changetype: modify
add: objectclass
objectclass: posixaccount
-
add: objectclass
objectclass: shadowaccount
-
add: uidnumber
uidnumber: 3000021
-
add: gidnumber
gidnumber: 2000
-
add:unixhomedirectory
unixhomedirectory: /home/CACTUS/steve2
-
add: loginshell
loginshell: /bin/bash
and for the group I have:
dn: cn=suseusers,cn=Users,dc=hh3,dc=site
changetype: modify
add: objectclass
objectclass: posixGroup
-
add: gidnumber
gidnumber: 2000
/etc/nslcd.conf:
uid nslcd-user
gid nslcd-user
uri ldap://192.168.1.3
base dc=hh3,dc=site
map passwd uid sAMAccountName
map passwd homeDirectory unixHomeDirectory
map shadow uid sAMAccountName
#map passwd gidNumber gidNumber
sasl_mech GSSAPI
sasl_realm HH3.SITE
krb5_ccname /tmp/krb5cc_0
Then:
samba-tool group addmembers suseusers steve4
getent group suseusers
suseusers:*:2000:
Comes out with the *
But steve4 comes out correctly, as a local user would:
getent passwd steve4
steve4:x:3000019:2000:steve4:/home/CACTUS/steve4:/bin/bash
The only difference I see is that steve4 has a shadowaccount object which can't
be mapped for the group (because it doesn't have one). Is there anything else
here? Any other files needed?
In fact, I don't think I need shadowaccount mappings at all do I? Isn't that
where the unix passwords are stored? But that's probably another thread.
Thanks,
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
