On Thu, 13 Nov 2003 [EMAIL PROTECTED] wrote:
Using ldap as my sam backend and Samba 3.0.0-2, I'm showing that samba stops parsing a RID when it encounters a letter. For example, I have an accounting group with gid 2771 and therefore rid ad3. When I list the groups in the samba domain, however, I get this listing:
Domain Admins (DOMAINSID-512) -> Domain Admins Domain Users (DOMAINSID-513) -> Domain Users Domain Guests (DOMAINSID-514) -> Domain Guests marketing (DOMAINSID-0) -> marketing support (DOMAINSID-0) -> support sales (DOMAINSID-0) -> sales integrators (DOMAINSID-0) -> integrators accounting (DOMAINSID-0) -> accounting
All of the groups showing RID 0 have RIDs that begin with a letter. This behavior applies to every entry in the SAM. What's going on here?
Please file a bug report on https://bugzilla.samba.org
This is a bug.
- John T.
is this maybe the cause for the problem that I described in this mail?
Marcos Martins da Silva schrieb:
> I have installed samba 3.0.0 on a RedHat 9.0 box. I have used the rpm binary i got from Canada mirror. The server is a dual Pentium II 400 IBM NetFinity 5000. Installation was easy. Testparm outputs:
>
> [EMAIL PROTECTED] root]# testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[desenv]"
> Loaded services file OK.
> 'winbind separator = +' might cause problems with group membership.
> Server role: ROLE_DOMAIN_MEMBER
> Press enter to see a dump of your service definitions
>
> # Global parameters
> [global]
> workgroup = HUCFF
> server string = Servidor Samba
> security = DOMAIN
> password server = ROMULO
> log file = /var/log/samba/log.%m
> max log size = 50
> name resolve order = wins lmhosts bcast
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> dns proxy = No
> wins server = 10.12.10.15
> idmap uid = 20000-30000
> idmap gid = 20000-30000
> template shell = /bin/bash
> winbind separator = +
> winbind cache time = 10
> winbind use default domain = Yes
> hosts allow = 10., 127.
>
> [desenv]
> comment = diretório de desenvolvimento
> path = /compart/desenv
> valid users = @Desenv
> write list = @Desenv
> read only = No
> wbinfo -u and wbinfo -g gets users and groups from a Win2K domain controller (ROMULO) with no problem.
>
> The "desenv" share is configured to permit access from group "Desenv", as we can see from testparm output. The /compart/desenv path is configured like this:
> [EMAIL PROTECTED] compart]# ls -lia
> total 12
> 16403 drwxr-xr-x 3 root root 4096 Out 17 18:57 .
> 2 drwxr-xr-x 20 root root 4096 Out 20 17:03 ..
> 16404 drwxrwsr-x 23 marcosm Desenv 4096 Out 18 14:34 desenv
> "Desenv" is a global group from my win2K domain (HUCFF) and marcosm is a "Desenv" member. Since I could use chown to set Linux permissions to this group and this user, I assume winbind is working fine.
> Samba can see marcosm is member of desenv and also that Desenv (ID:20035) is among marcosm's groups:
> [EMAIL PROTECTED] compart]# getent group Desenv
> Desenv:x:20035:santanna,marcosm,velasco,analucia,anabraga,anarangel,trindade,bet
> h,evandro,gloria,gustavom,jcarlos,bortnyk,luzimar,mgsoares,cida,osmario,mbfranca
> ,leonardo,gmps
> [EMAIL PROTECTED] compart]# wbinfo -r marcosm
> 20010
> 20035
> 20037
> But I can not access the share from win2k neither from linux:
> [EMAIL PROTECTED] compart]# smbclient //seth/desenv -U marcosm
> Password:
> tree connect failed: NT_STATUS_ACCESS_DENIED
> But If I put the user "marcosm" in write list and valid users lines, like this
> [desenv]
> comment = diretório de desenvolvimento
> path = /compart/desenv
> valid users = marcosm @Desenv
> write list = marcosm @Desenv
> read only = No
> Everything works just fine as we can see:
> [EMAIL PROTECTED] compart]# smbclient //seth/desenv -U marcosm
> Password:
> smb: \> ls
> . D 0 Sat Oct 18 14:34:05 2003
> .. D 0 Fri Oct 17 18:57:17 2003
> Diretoria D 0 Sat Oct 18 14:18:51 2003
> Evandro D 0 Sat Oct 18 14:21:46 2003
> Gloria D 0 Sat Oct 18 14:22:50 2003
> Gustavo D 0 Sat Oct 18 14:22:51 2003
> JCarlos D 0 Sat Oct 18 14:22:54 2003
>
> 33001 blocks of size 1048576. 26191 blocks available
>
> The problem looks like samba is not expanding @Desenv as an user list that contains marcosm.
> Any clues? Thanks in advance.
HI,
I have exactly the same Problem after upgrading from samba 2.2.8a to 3.0.0. I run Samba on Linux SLES8 and Sun Solaris 7.
Users and groups are managed on w2k domain controler.
With Samba 2.2.8a group membership works fine and is now broken in 3.0.0.
On Samba 3.0.0. "wbinfo -r" and "getent group" show the right group membership, but Samba is ignoring the Group membership an i get NT_STATUS_ACCESS_DENIED when am accessing files or directorys with group read status.
Is this a general Problem? Configuration Problem? Thanks in advance.
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
