Thanks to Red Hat support, who supplied the answer.

I had two problems -- a winbindd was starting up when I had
no need to use it (I think). Turning it off properly (chkconfig) made
things consistent (but not working).

The fix was simple, as I knew it should be (everyone else must have it working);
I just couldn't work out what.
The smb.conf entries didn't have the server name in front of the group.
====From RH support===========
In smb.conf you want to use -
valid users = @"AD_DOMAIN\webadmin", @"Netbios Name\staff"
write list = @"Netbios Name\staff"
================================
I knew that v3 needed the Active Directory
domain when using group access \\AD_DOMAIN\groupname, but I wanted the
Unix groups. I overlooked the other one because we don't have NetBIOS
anywhere.... Well, it appears that the "Netbios Name" is the Unix
hostname (not FQDN) by default, and I needed @HOSTNAME\staff and all worked.
The "Netbios Name" can be defined in smb.conf (I don't know why, unless
your hostname is too long or something to make it an invalid NetBIOS name).
Pete

Peter Glassenbury (CSSE) wrote:

Shifting from a v2 Samba server to v3 - read documentation
and googled LOTS but can't seem to find the bits that apply
to my simple(?) server with regards to groups.

# rpm -qi samba
Version     : 3.0.28          Vendor: Red Hat, Inc.
Release     : 1.el5_2.1       Source RPM: samba-3.0.28-1.el5_2.1.src.rpm

Samba on server (Red Hat Enterprise Linux 5.2) IS MOSTLY WORKING...
home directories authenticating correctly to Active Directory,
then supplying Unix disk to windows clients.
Mounting correctly. read write OK
testparm works fine..no errors

THE PROBLEM :
===========
Other samba shares (eg www) mount, and are browsable and
read and writeable IN PART...
they don't take note of the secondary Unix group permissions
By this I mean user "fred" in the ldap password entry has default
group "staff" and the file mode permissions for staff do work.
User "fred" is also in group "webadmin" in the ldap unix group.
These do NOT work. If I change "fred" in ldap to be default
group "webadmin", the group permissions for "webadmin" now work.
(but staff do not :-( )

The following entry for www shows (in comments) the variations
I have attempted (before the testparm does its stuff).
The read/write lists have also been commented out to try and rely only
on the Unix group, but no improvement.

[www]
        comment = WWW directory
        path = /export/netfs/www
;       valid users = +staff
;       valid users = fred, john, mary
        public = no
        writable = yes
        read list = +staff, +webadmin
        write list = +staff, +webadmin
        create mode = 0775
#############################################
### The file.....with only other shares removed.
# more /etc/samba/smb.conf
[global]
        workgroup = UOCNT
        realm = CANTERBURY.AC.NZ
        server string = CSSE Samba
        security = ADS
        log file = /var/log/samba/%m.log
        max log size = 300
        local master = No
        wins server = eth0:IP_address, eth0:Alternate_IP_Address
        hosts allow = 127., 132.181., 10.

[homes]
        comment = Home Directories
        read only = No
        create mask = 0700
        directory mask = 0750

[www]
        comment = WWW directory
        path = /export/netfs/www
        read list = +staff, +webadmin
        write list = +staff, +webadmin
        read only = No
        create mask = 0775
=============================================



--
-------------------------------------------------------------------
Peter Glassenbury                       Computer Science department
[EMAIL PROTECTED]               University of Canterbury
+64 3 3642987 ext 7762                  New Zealand
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
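
A small lint for the fix described in this thread, as an added example that is not part of the original messages: it flags group entries in valid users, read list and write list that carry no DOMAIN\ or HOSTNAME\ qualifier, and rewrites them in the form Red Hat support gave. The function names and the sample config are constructed for illustration; the sample reuses the [www] share from the post.

```python
import re

# Parameters from the thread that take user/group lists.
LIST_PARAMS = {"valid users", "read list", "write list"}
# One list entry: optional group prefix (@, + or &), then a quoted or bare name.
ENTRY = re.compile(r'([@+&]*)(?:"([^"]*)"|([^\s,"]+))')


def unqualified_groups(conf_text):
    # Returns (section, parameter, entry) for each group entry lacking a backslash qualifier.
    findings, section = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or commented-out setting
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        key, sep, value = line.partition("=")
        param = " ".join(key.lower().split())  # smb.conf keys ignore case and extra spaces
        if not sep or param not in LIST_PARAMS:
            continue
        for prefix, quoted, bare in ENTRY.findall(value):
            name = quoted or bare
            if prefix and "\\" not in name:   # a group entry with no DOMAIN\ or HOST\ part
                findings.append((section, param, prefix + name))
    return findings


def qualify(entry, qualifier):
    # Rewrite a flagged entry as @"QUALIFIER\group", the quoting used in the support answer.
    return '@"%s\\%s"' % (qualifier, entry.lstrip("@+&"))


# Constructed sample: the [www] share from the post plus a corrected variant.
SAMPLE = r'''
[www]
        path = /export/netfs/www
;       valid users = +staff
        read list = +staff, +webadmin
        write list = +staff, +webadmin
[www-fixed]
        valid users = @"AD_DOMAIN\webadmin", @"HOSTNAME\staff", fred
        write list = @"HOSTNAME\staff"
'''

if __name__ == "__main__":
    for section, param, entry in unqualified_groups(SAMPLE):
        print("[%s] %s: %s -> %s" % (section, param, entry, qualify(entry, "HOSTNAME")))
```

HOSTNAME and AD_DOMAIN are placeholders, as in the thread; substitute the server's short hostname (or its configured NetBIOS name) and the AD domain.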
