[Samba] samba ldap group shares don't work anymore

Sat, 23 Feb 2008 01:42:12 -0800 

Dear list,
after 2 weeks running Samba 3.0.26a-3.5-1616-SUSE-SL10.3 without any
problems, access to shares with dedicated group rights stopped working.
Shares with user rights are still allright.
New shares are working. Only those 2 weeks old, with all their groups not.
Smbclient quits with: tree connect failed: NT_STATUS_BAD_NETWORK_NAME

Smbd Log shows this:

[2008/02/23 10:25:37, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-5-21-1664890072-4027361542-1527094963-21002
  se_access_check: also S-1-5-21-1664890072-4027361542-1527094963-21017
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
  se_access_check: also S-1-22-2-10008
[2008/02/23 10:25:37, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (10001, 10008) - sec_ctx_stack_ndx = 0
[2008/02/23 10:25:37, 0] smbd/service.c:make_connection_snum(1003)
  '/home/groups/xxx_punkt' does not exist or permission denied when connecting 
to [treff] Error was Keine Berechtigung
[2008/02/23 10:25:37, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/02/23 10:25:37, 3] smbd/connection.c:yield_connection(69)


This Share (xxx_punkt) is owned by group (Unix gid 10008) of connecting user 
(XXX), 

(XXX) User LDIF Entry shows the right sambaPrimeryGroupSid: 21017

So groupmapping ist working fine.


G is:

[global]
        workgroup = xxxx-F
        server string = Samba 
        map to guest = Bad User
        passdb backend = ldapsam
        log level = 3
        time server = Yes
        logon path = \\%L\profiles\.msprofile
        logon drive = P:
        logon home = \\%L\%U\.9xprofile
        domain logons = Yes
        os level = 99
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        ldap admin dn = cn=xxxxx,dc=xxxxx-f,dc=de
        ldap group suffix = ou=groups
        ldap machine suffix = ou=hosts
        ldap passwd sync = Yes
        ldap suffix = dc=xxxxx-f,dc=de
        ldap ssl = no
        ldap user suffix = ou=users
        winbind nested groups = No

 



As you see the server is setted up as a PDC, at the moment his only role
is to work standalone only for user and group shares.
Surprising for me is the fact of 2 weeks working fine and stopping it
without! changing anything.

Regards Georg
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to