** Attachment added: Full smb.conf
https://bugs.launchpad.net/bugs/702265/+attachment/1792367/+files/smb.conf
** Description changed:
Binary package hint: samba
I have set up a Samba domain with idmap ldap; this is my idmap config:
idmap config DOMAIN:backend = ldap
idmap config DOMAIN:readonly = no
idmap config DOMAIN:default = yes
idmap config DOMAIN:ldap_base_dn = ou=idmap,ou=baseou,dc=mydomain,dc=com
idmap config DOMAIN:ldap_user_dn = cn=admin,dc=mydomain,dc=com
idmap config DOMAIN:ldap_url = ldap://localhost
idmap config DOMAIN:range = 5-5
#idmap backend = ldap:ldap://localhost
idmap uid = 1-1
idmap gid = 1-1
#idmap gid = 2-2
idmap alloc backend = ldap
idmap alloc config : ldap_url = ldap://localhost
idmap alloc config:ldap_user_dn = cn=admin,dc=mydomain,dc=com
idmap alloc config : ldap_base_dn = ou=idmap,ou=baseou,dc=mydomain,dc=com
idmap alloc config:range = 5-5
Once I have set this up in smb.conf, I stop the smbd service and restart winbind,
then I issue the net sam provision command. At this point everything is OK and
the LDAP is provisioned properly. As you know, the provision creates these
users and groups:
- - Administrator - UID=1;GID=10001
- - nobody - UID=65534;GID=65534
- - domguests - GID=65534
- - domusers - GID=1
- - domadmins - GID=10001
+ - Administrator - UID=1;GID=10001
+ - nobody - UID=65534;GID=65534
+ - domguests - GID=65534
+ - domusers - GID=1
+ - domadmins - GID=10001
After that, I create a new user called usuprueba1, which is created with
uid=10001 and gid=1.
Also, I have set up a share called usuarios where the home directories of the
users will be placed:
[Usuarios]
comment = Directorios home de los usuarios
path = /opt/usuarios
browseable = yes
directory mask = 0700
read only = no
valid users = %U
hide unreadable = yes
root preexec = /opt/scripts/crearHomes.sh %U
The crearHomes.sh script automatically creates the home folder of the
user, right in /opt/usuarios (i.e. /opt/usuarios/administrator or
/opt/usuarios/usuprueba1). This is also working perfectly.
As you can see, the home directories are created with a 0700 mask, so
they are only readable by the owner user.
The problem comes when I issue an smbclient command with user
administrator and usuprueba1 against the Usuarios share: it shows me
both directories (administrator and usuprueba1)!
- root@mambo:/opt/usuarios# smbclient '//SERVER/Usuarios' -c 'dir' -U
'usuprueba1' -d 0 -W 'DOMAIN' -O 'TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
SO_RCVBUF=8192 SO_SNDBUF=8192' -b 1200
- Enter usuprueba1's password:
+ root@server:/opt/usuarios# smbclient '//SERVER/Usuarios' -c 'dir' -U
'usuprueba1' -d 0 -W 'DOMAIN' -O 'TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
SO_RCVBUF=8192 SO_SNDBUF=8192' -b 1200
+ Enter usuprueba1's password:
Domain=[SAMBA-SEF] OS=[Unix] Server=[Samba 3.4.7]
- . D0 Thu Jan 13 09:45:48 2011
- .. D0 Tue Dec 28 11:30:55 2010
- usuprueba1 D0 Thu Jan 13 09:19:14 2011
- administrator D0 Wed Jan 12 14:14:39 2011
+ . D0 Thu Jan 13 09:45:48 2011
+ .. D0 Tue Dec 28 11:30:55 2010
+ usuprueba1 D0 Thu Jan 13 09:19:14 2011
+ administrator D0 Wed Jan 12 14:14:39 2011
- root@mambo:/opt/usuarios# smbclient '//SERVER/Usuarios' -c 'dir' -U
'usuprueba1' -d 0 -W 'DOMAIN' -O 'TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
SO_RCVBUF=8192 SO_SNDBUF=8192' -b 1200
- Enter administrator's password:
+ root@server:/opt/usuarios# smbclient '//SERVER/Usuarios' -c 'dir' -U
'usuprueba1' -d 0 -W 'DOMAIN' -O 'TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
SO_RCVBUF=8192 SO_SNDBUF=8192' -b 1200
+ Enter administrator's password:
Domain=[SAMBA-SEF] OS=[Unix] Server=[Samba 3.4.7]
- . D0 Thu Jan 13 09:46:48 2011
- .. D0 Tue Dec 28 11:30:55 2010
- usuprueba1 D0 Thu Jan 13 09:19:14 2011
- administrator D0 Wed Jan 12 14:14:39 2011
+ . D0 Thu Jan 13 09:46:48 2011
+ .. D0 Tue Dec 28 11:30:55 2010
+ usuprueba1 D0 Thu Jan 13 09:19:14 2011
+ administrator D0 Wed Jan 12 14:14:39 2011
I have checked permissions with ls -l and getfacl, these are the results:
- root@mambo:/opt/usuarios# ls -l
+ root@server:/opt/usuarios# ls -l
total 44
drwx-- 2 administrator root 4096 2011-01-12