samba - Apr 2003 - ACL group permissions only work on primary group (RickSegeberg)

I appreciate your response and I tried your solution.  However, it does not seem
to help.

I am using MS Active Directory on a Windows 2000 server for the authentication
and rights for the users.  I realize AD is based on LDAP, but it's been
changed to suit Microsoft's needs - meaning it's not "pure
ldap".

Based on what you said, I made sure to create a user and a few groups which had
no spaces or capital letters in the names.  The user is still only able to
access directories in which he is a primary user.  I do not know of a way
(although I'm sure one exists) to directly edit the "memberUid="
field in AD - but if I created the user using an all lower case name, then it
should be all lower-case.

Thanks again - if you have any other ideas, I'd be happy to hear them.
 
Rick Segeberg
Provo Site Manager, IT Department
The Waterford Institute
rick.segeberg@waterford.org


-----Original Message-----
From: Wolfgang B?ch [mailto:buech@uni-hamburg.de] 
Sent: Tuesday, April 15, 2003 1:33 AM
To: samba@lists.samba.org
Subject: [Samba] ACL group permissions only work on primary group (RickSegeberg)


We faced the same Problem Samba not recognizing secondary groups of an
individual user. The reason is the handling of small an capital letters of
the user uid between samba and ldap.
Ldap for example has the following person and group:
uid=Thomas,dc=...,dc=...,dc=de
cn=group1,ou=groups,dc=...,dc=...,dc=de

Group1 has the attribute "memberUid=Thomas"; this means
"Thomas" is member
of "group1" ; he has a secondary Group Membership for
"group1".

Normaly any share, which has the underlying unix permission for this
secondary group set to rwx, should grant the access permission to that
share for "Thomas". But it doesn't work.

Examing the syslog (ldap) we found, that samba is searching for
memberUid=thomas in small letter.

If you change

"uid=Thomas,dc=...,dc=...,dc=de"

to

"uid=thomas,dc=...,dc=...,dc=de"

It should work!

Wolfgang




Wolfgang B?ch
Unix - und Windows Systemadministration
Universit?t Hamburg
Regionales Rechenzentrum
Gruppe Virtuelle Campus Bibliothek - VCB
Schl?terstrasse 70
D-20146 Hamburg
Tel.: (+40) 42838-3094


Random Thought:
--------------


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


*************************************

This e-mail may contain privileged or confidential material intended for the
named recipient only.
If you are not the named recipient, delete this message and all attachments.
Unauthorized reviewing, copying, printing, disclosing, or otherwise using
information in this e-mail is prohibited.
We reserve the right to monitor e-mail sent through our network. 

*************************************