damn....

now everything works
samba recognises user "test_user" in group "users" AND "kids"....
i dunno why ?!?!!?

i did nothing, i just removed "valid users" from this share and reloaded smb-conf...nothing special !

if i could reproduce it, it would be better than seeing it working now and not knowing why....

but
thx very much for your patience

greez

[EMAIL PROTECTED] wrote:
what samba log says ?

-----------------------------------
Stéphane PURNELLE                         [EMAIL PROTECTED]
Service Informatique       Corman S.A.           Tel : 00 32 087/342467

Michael Gasch <[EMAIL PROTECTED]>
Sent by:
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
cc: .samba.org
Subject: Re: Réf. : Re: [Samba] SAMBA Groups and Permissions
04/12/2003 12:34

> Samba is compiled with acl support option ?

yes it is, i can e.g. set ACL's in windows clients on samba shares
but i think, that's not the fact
permissions are checked not via samba! samba just asks the FS/posix-side, if it can access "share" with uid/gid xxx

greez


[EMAIL PROTECTED] wrote:


Samba is compiled with acl support option ?

./configure --with-acl-support

-----------------------------------
Stéphane PURNELLE                         [EMAIL PROTECTED]
Service Informatique       Corman S.A.           Tel : 00 32 087/342467

Michael Gasch <[EMAIL PROTECTED]>
Sent by:
To: [EMAIL PROTECTED]
[EMAIL PROTECTED]
cc:
.samba.org
Subject: Re: [Samba] SAMBA Groups and Permissions
04/12/2003 12:21

hi,


sorry, if i was too imprecise...

of course i'm working with acl's - otherwise i could hardly define those
fine granulated rules

this is, what getfacls on /home/board gives:

~# getfacl /home/board

# file: home/board
# owner: root
# group: root
user::rwx
group::r-x
group:kids:r-x
mask::r-x
other::---
default:user::rwx
default:group::r-x
default:group:kids:r-x
default:mask::r-x
default:other::---


for some reasons, i don't want to work with "valid users" parameter, especially while working with scripts so this solution doesn't meet my expectations (as i already mentioned)

the problem is on the samba-side
on unix-side the user "test_user" has access on /home/board, cause he's
in group "kids", too

but samba just recognised group "users" for "test_user" because
sambaPrimaryGroupSID maps to -> "users"
so samba establishes a connection as user "testuser" / group "users",
which fails because of my restrictive acl :/

so: is "valid users" my only chance?

no way of adding more GroupSIDs for samba-users in LDAP, that samba
recognises, that user "test_user" is in more than one group ?

i mean: unix-side sees this...

~# id test_user
uid=596(test_user) gid=500(users) groups=500(users),522(kids)

thx for your help!!!

greez



[EMAIL PROTECTED] wrote:


I confirm what Malte Müller says.
If you want to set multiple group access, you must use ACL.
the valid user parameter in smb.conf forces the right of directory but the
unix right is only for group user.





-----------------------------------
Stéphane PURNELLE                         [EMAIL PROTECTED]
Service Informatique       Corman S.A.           Tel : 00 32 087/342467

[EMAIL PROTECTED]
Sent by:
To: "Michael Gasch" <[EMAIL PROTECTED]>
[EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
.samba.org
Subject: Re: [Samba] SAMBA Groups and Permissions
04/12/2003 11:41

I am not sure if i got you right. You do not tell us the access rights of
the directory concerned.
If your primary unix group is user and your dir. has:
drwx---rwx   root user board
they forbid your access. then you are not allowed to access, because group
rights match first and If you weren't user but world, then you would be
allowed. This has nothing to do with samba.
You might want to change the group to nogroup and work with acls (if ext3,
XFS and alike). Or if you have plenty of CPU-cycles to waste you might
work with "valid users" in smb.conf.
But i'm not a security or filesystem-expert and may be completely wrong.

Kind regards,
Malte Müller




hi

i have a user

~# id test_user
uid=500,gid=500 (users),groups (users,kids)

as you can see, this user is in primary group "users" and also member of
group "kids"

if he tries to access /home/board via smb (Samba 3.0 + openldap) from a
windows client (XP), he fails, because his

sambaPrimaryGroupSID maps to -> "users"

and /home/board is not accessible for group "users" - just for "kids"
if i add

valid users = @kids

to /home/board - share, access is granted

isn't it possible in samba, that the user "test_user" gets an attribute
like

sambaSecondaryGroup in ldap ????

so that samba knows: "this user is in group users AND kids, so i have to
try connections to share /home/board as group users AND kids" ???

if i login locally to the samba PDC with a console as "test_user",
access to /home/board is granted, 'cause i'm member of "kids"

so there's no permission problem

please help me !!!

greez

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba











--


"Matrix - more than a vision"


**************************************************
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Deutscher Platz 6
04103 Leipzig

Germany
**************************************************
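
Added example, not part of any message in the thread and not Samba code: a Python sketch of the POSIX ACL access check from acl(5), run over the getfacl output quoted above. It shows why a session carrying only the primary group "users" is denied on /home/board while one that also carries "kids" gets r-x, and why the drwx---rwx case denies a member of the owning group. Assumptions: names stand in for numeric uid/gid, and the function names and the second ACL are constructed for this illustration.

```python
# POSIX ACL access check (acl(5)) over getfacl text; names stand in for uid/gid.

# getfacl output for /home/board as quoted in the thread (default: entries left
# out here; they only seed new files and play no part in the access check).
BOARD = """\
# file: home/board
# owner: root
# group: root
user::rwx
group::r-x
group:kids:r-x
mask::r-x
other::---
"""

# Constructed: the drwx---rwx directory from the thread, with owning group "users".
MODE_BITS = """\
# owner: root
# group: users
user::rwx
group::---
other::rwx
"""

def parse_getfacl(text):
    acl = {"owner": None, "group": None, "entries": []}
    for line in map(str.strip, text.splitlines()):
        if line.startswith(("# owner:", "# group:")):
            key, value = line[2:].split(":", 1)
            acl[key] = value.strip()
        elif line and not line.startswith(("#", "default:")):
            tag, qualifier, perms = line.split(":")[:3]
            acl["entries"].append((tag, qualifier, set(perms[:3]) - {"-"}))
    return acl

def allowed(acl, user, groups, want):
    want, ent = set(want), acl["entries"]
    mask = next((p for t, _, p in ent if t == "mask"), None)
    masked = lambda p: p if mask is None else p & mask
    if user == acl["owner"]:                        # 1. owner entry, never masked
        return want <= next(p for t, q, p in ent if t == "user" and not q)
    for t, q, p in ent:                             # 2. named user entry
        if t == "user" and q == user:
            return want <= masked(p)
    hits = [p for t, q, p in ent                    # 3. owning group or named groups
            if t == "group" and (q or acl["group"]) in groups]
    if hits:                                        # a group matched: "other" is never consulted
        return any(want <= masked(p) for p in hits)
    return want <= next(p for t, _, p in ent if t == "other")  # 4. everyone else
```

Comparing `allowed(parse_getfacl(BOARD), "test_user", {"users"}, "rx")` with the same call using `{"users", "kids"}` reproduces the difference between the SMB session and the local login described in the thread.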

