Re: [Samba] AD + winbindd(8): group permissions being ignored ? WTF ?
Hi! On Mon, Aug 13, 2007 at 09:10:46PM +0800, Wilkinson, Alex wrote: 0n Mon, Aug 13, 2007 at 01:44:19AM -0700, Doug VanLeuven wrote: Have a look and see if this report is relevant in your case (it's fairly long): https://bugzilla.samba.org/show_bug.cgi?id=3990 === Applying FreeBSD patches for samba-3.0.25a_1,1 1 out of 5 hunks failed--saving rejects to smbd/sec_ctx.c.rej = Patch patch-smbd_sec_ctx.c failed to apply cleanly. That could be predicted, if you take a look into the content of the port patch and the patch you tried to apply. I *really* need this patch so that I can manage shared data via AD groups. Can anyone lend a helping hand in making samba compile in FreeBSD ports with the following patch [http://marc.info/?l=samba-technicalm=117976475614078w=2] ? Or can the FreeBSD net/samba3 port maintainer get this patch included into the port ASAP ? I don't see any fundamental difference between: http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/ports/net/samba3/files/patch-smbd_sec_ctx.c?rev=1.1;content-type=text%2Fplain and: http://marc.info/?l=samba-technicalm=117976475614078w=2 There is an additional check in the port version that verifies, that there are any supplimentary groups at all, but besides that code is identical. Unless I'm missing something, I'd considere this patch to be already incorporated into the FreeBSD Samba port. With regards, Timur Bakeyev. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD + winbindd(8): group permissions being ignored ? WTF ?
0n Tue, Aug 14, 2007 at 05:13:10PM -0700, Doug VanLeuven wrote: I don't use FreeBSD, but it looks like the make first applies FreeBSD patches against the main samba release. What's failing is the patch against the very same file that you patched with group_fix_patch.txt. You need to look at smbd/sec_ctx.c.rej and see if what is failing is an attempt to apply the very same patch a second time. Got the patch to work. I was doing things in the wrong order :( Group permissions via chown(1) actually work now! Yay! (At least the first 16). One thing that I notice is that group permissions DONT work if I turn off winbind user and group enumertaion. Which is bizarre. Thanks for your assistance Doug! -aW IMPORTANT: This email remains the property of the Australian Defence Organisation and is subject to the jurisdiction of section 70 of the CRIMES ACT 1914. If you have received this email in error, you are requested to contact the sender and delete the email. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD + winbindd(8): group permissions being ignored ? WTF ?
Wilkinson, Alex wrote: 0n Mon, Aug 13, 2007 at 01:44:19AM -0700, Doug VanLeuven wrote: Have a look and see if this report is relevant in your case (it's fairly long): https://bugzilla.samba.org/show_bug.cgi?id=3990 This is my *exact* problem. I am using version 3.0.25a,1.1. And looking at work/samba-3.0.25a/source/smbd/sec_ctx.c it looks like Björn Jacke's patch has not been included. So I proceed to apply the patch myself and run into: # patch -p0 group_fix_patch.txt Hmm... Looks like a unified diff to me... The text leading up to this was: -- |Index: source/smbd/sec_ctx.c |=== |--- source/smbd/sec_ctx.c (Revision 23033) |+++ source/smbd/sec_ctx.c (Arbeitskopie) -- Patching file source/smbd/sec_ctx.c using Plan A... Hunk #1 succeeded at 248 (offset 2 lines). done # #cd /usr/ports/net/samba3/ #make install === Patching for samba-3.0.25a_1,1 === Applying FreeBSD patches for samba-3.0.25a_1,1 1 out of 5 hunks failed--saving rejects to smbd/sec_ctx.c.rej = Patch patch-smbd_sec_ctx.c failed to apply cleanly. = Patch(es) patch-Makefile.in patch-client_client.c patch-configure.in patch-include_includes.h patch-lib_ico nv.c patch-lib_replace_libreplace_cc.m4 patch-nsswitch_pam_winbind.c patch-nsswitch_winbindd.c patch-pam_smbpa ss_pam_smb_auth.c patch-pam_smbpass_pam_smb_passwd.c patch-pam_smbpass_support.c patch-script_installbin.sh.in patch-script_installswat.sh patch-smbd_aio.c applied cleanly. *** Error code 1 I *really* need this patch so that I can manage shared data via AD groups. Can anyone lend a helping hand in making samba compile in FreeBSD ports with the following patch [http://marc.info/?l=samba-technicalm=117976475614078w=2] Hi, I don't use FreeBSD, but it looks like the make first applies FreeBSD patches against the main samba release. What's failing is the patch against the very same file that you patched with group_fix_patch.txt. You need to look at smbd/sec_ctx.c.rej and see if what is failing is an attempt to apply the very same patch a second time. You mentioned you were using 3.0.25a. I believed this fix was applied to 3.0.25b and later. But then again. I've been having some issues with secondary groups in opensuse 10.2, samba 3.0.25b-1.1.72-1411-SUSE-SL10.2 , but haven't isolated what exactly is my issue. On FC-5 samba 3.0.25c-SVN-build-23735 everything seems to be OK. :I use: security = ADS winbind enum users = Yes winbind enum groups = Yes winbind nss info = sfu idmap domains = FOREST, SAMBA idmap config FOREST:readonly = yes idmap config FOREST:schema_mode = sfu idmap config FOREST:backend = ad idmap config SAMBA:readonly = yes idmap config SAMBA:backend = nss The NIS plugin ought to work as well. Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD + winbindd(8): group permissions being ignored ? WTF ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wilkinson, Alex wrote: Hi all, I am successfully authenticating FreeBSD 7.0-CURRENT #1: Wed Jul 25 17:31:15 WST 2007 against AD. Users can log in succesfully with home directories being served via amd(8) and NFS. However, I have discovered a potential show-stopper that will force me to abort this mission :( The problem -~-~-~-~-~- In a nutshell: Simple group permissions set with chown(1) are not being honoured. e.g. #touch testing.txt #ls -l !$ -rw-r--r-- 1 root wheel 0 Aug 12 17:49 testing #chmod 770 !$ #ls -l testing.txt -rwxrwx--- 1 root wheel 0 Aug 12 17:49 testing.txt #chown root:scis stl admins testing.txt #ls -l !$ ls -l testing.txt -rwxrwx--- 1 root scis stl admins 0 Aug 12 17:49 testing.txt #su - my_username my__shellecho this sux /var/tmp/testing.txt testing.txt: Permission denied. And I KNOW 150% I am in the the group scis stl admins. The odd thing is, is that chown(1) allows me to give the file testing.txt group memebership, but users in the actual group are not given these permissions. I'm getting kinda desparate now. Have I missed something concetually ? Any insights into this problem whatsoever will be greatly appreciated. Have a look and see if this report is relevant in your case (it's fairly long): https://bugzilla.samba.org/show_bug.cgi?id=3990 Regards, Doug -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGwBnjFqWysr/jOHMRAsOjAKCOmNUxd1qX8gkomfS+D4f0FbFjmACgraNH q0AlGUfH8cGw0opxo2L8BmI= =D1B1 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD + winbindd(8): group permissions being ignored ? WTF ?
0n Mon, Aug 13, 2007 at 01:44:19AM -0700, Doug VanLeuven wrote: Have a look and see if this report is relevant in your case (it's fairly long): https://bugzilla.samba.org/show_bug.cgi?id=3990 This is my *exact* problem. I am using version 3.0.25a,1.1. And looking at work/samba-3.0.25a/source/smbd/sec_ctx.c it looks like Björn Jacke's patch has not been included. So I proceed to apply the patch myself and run into: # patch -p0 group_fix_patch.txt Hmm... Looks like a unified diff to me... The text leading up to this was: -- |Index: source/smbd/sec_ctx.c |=== |--- source/smbd/sec_ctx.c (Revision 23033) |+++ source/smbd/sec_ctx.c (Arbeitskopie) -- Patching file source/smbd/sec_ctx.c using Plan A... Hunk #1 succeeded at 248 (offset 2 lines). done # #cd /usr/ports/net/samba3/ #make install === Patching for samba-3.0.25a_1,1 === Applying FreeBSD patches for samba-3.0.25a_1,1 1 out of 5 hunks failed--saving rejects to smbd/sec_ctx.c.rej = Patch patch-smbd_sec_ctx.c failed to apply cleanly. = Patch(es) patch-Makefile.in patch-client_client.c patch-configure.in patch-include_includes.h patch-lib_ico nv.c patch-lib_replace_libreplace_cc.m4 patch-nsswitch_pam_winbind.c patch-nsswitch_winbindd.c patch-pam_smbpa ss_pam_smb_auth.c patch-pam_smbpass_pam_smb_passwd.c patch-pam_smbpass_support.c patch-script_installbin.sh.in patch-script_installswat.sh patch-smbd_aio.c applied cleanly. *** Error code 1 I *really* need this patch so that I can manage shared data via AD groups. Can anyone lend a helping hand in making samba compile in FreeBSD ports with the following patch [http://marc.info/?l=samba-technicalm=117976475614078w=2] ? Or can the FreeBSD net/samba3 port maintainer get this patch included into the port ASAP ? Thanks -aW IMPORTANT: This email remains the property of the Australian Defence Organisation and is subject to the jurisdiction of section 70 of the CRIMES ACT 1914. If you have received this email in error, you are requested to contact the sender and delete the email. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] AD + winbindd(8): group permissions being ignored ? WTF ?
Hi all, I am successfully authenticating FreeBSD 7.0-CURRENT #1: Wed Jul 25 17:31:15 WST 2007 against AD. Users can log in succesfully with home directories being served via amd(8) and NFS. However, I have discovered a potential show-stopper that will force me to abort this mission :( The problem -~-~-~-~-~- In a nutshell: Simple group permissions set with chown(1) are not being honoured. e.g. #touch testing.txt #ls -l !$ -rw-r--r-- 1 root wheel 0 Aug 12 17:49 testing #chmod 770 !$ #ls -l testing.txt -rwxrwx--- 1 root wheel 0 Aug 12 17:49 testing.txt #chown root:scis stl admins testing.txt #ls -l !$ ls -l testing.txt -rwxrwx--- 1 root scis stl admins 0 Aug 12 17:49 testing.txt #su - my_username my__shellecho this sux /var/tmp/testing.txt testing.txt: Permission denied. And I KNOW 150% I am in the the group scis stl admins. The odd thing is, is that chown(1) allows me to give the file testing.txt group memebership, but users in the actual group are not given these permissions. I'm getting kinda desparate now. Have I missed something concetually ? Any insights into this problem whatsoever will be greatly appreciated. Thanks -aW IMPORTANT: This email remains the property of the Australian Defence Organisation and is subject to the jurisdiction of section 70 of the CRIMES ACT 1914. If you have received this email in error, you are requested to contact the sender and delete the email. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba