Hello,

I just recently migrated our Samba fileservers to be members of our
corporate AD domain, which seemed to work out so far. Now, I experience
problems with group membership of groups that are defined on our old LDAP
server. To avoid recreating all these groups in the AD, I thought it'd be
nice to use the old groups with the new user accounts via nsswitch.

Samba 3.0.22 on Debian/unstable (Debian version 3.0.22-1)

My nsswitch.conf shows:

    passwd: compat winbind ldap
    group: compat winbind ldap
    shadow: compat winbind ldap

getent passwd <user> and getent group <group> do give the expected
results:

    # getent passwd hwagener
    hwagener:x:10170:100:Harald Wagener:/home/hwagener:/bin/bash
    # getent passwd harald.wagener
    harald.wagener:x:105593:100000:Wagener, Harald:/home/IPGEMEA/harald.wagener:/bin/bash
    fileserver1:~# getent group testgroup
    testgroup:x:10400:hwagener,harald.wagener

ls and getfacl also show all is set correctly:

    # ls -lad TestDir/
    drwxr-x--- 2 hwagener testgroup 6 Jun 9 12:01 TestDir/

My smb.conf is very short. These are the winbind settings:

    # winbind
    winbind use default domain = yes
    winbind nested groups = no
    winbind separator = +
    winbind enum groups = no # winbindd keeps crashing otherwise
    winbind enum users = no # winbindd keeps crashing otherwise

This is my share definition:

    [Service]
    path=<path to service>
    browseable = yes
    writeable = yes
    guest ok = no

Samba logs generated from clicking on the directory
are in the attached file acces-to-dir.txt.

Changing the primary owner to harald.wagener does give me access to the
directory, as well as changing rights to allow all users access (iow, chmod
o+rx and chown <first.last> work as expected, but are not what we want).

Advice on how to get this working is welcome. If any parts are missing to
help me, please point that out.

Regards,
Harald
--
harald wagener
technical lead it
fcb wilkens
an der alster 42
20099 hamburg
germany
t. +49(0)40-2881-1252
mjahn@fcb.com
www.footeconebelding.de