Peter Glassenbury (CSSE)
2008-Oct-09 21:08 UTC
[Samba] samba v2 works, v3 does not - Unix groups
Shifting from a v2 samba server to v3 - Read documentation
and googled LOTS but can't seem to find the bits that apply
to my simple(?) server with regards to groups.

# rpm -qi samba
Version : 3.0.28        Vendor: Red Hat, Inc.
Release : 1.el5_2.1     Source RPM: samba-3.0.28-1.el5_2.1.src.rpm

Samba on server (Red Hat Enterprise Linux 5.2) IS MOSTLY WORKING...
home directories authenticating correctly to Active Directory,
then supplying Unix disk to windows clients.
Mounting correctly. read write OK
testparm works fine..no errors

THE PROBLEM :
=============
Other samba shares (eg www) mount, and are browsable and
read and writeable IN PART...
they don't take note of the secondary Unix group permissions
By this I mean user "fred" in the ldap password entry has default
group "staff" and the file mode permissions for staff do work.
User "fred" is also in group "webadmin" in the ldap unix group.
These do NOT work. If I change "fred" in ldap to be default
group "webadmin", the group permissions for "webadmin" now work.
(but staff do not :-( )

The following entry for www shows (in comments) the variations
I have attempted. (before the testparm does its stuff).
read/write list also been commented out. to try and rely only
on Unix group but no improvement.

[www]
   comment = WWW directory
   path = /export/netfs/www
;  valid users = +staff
;  valid users = fred, john, mary
   public = no
   writable = yes
   read list = +staff, +webadmin
   write list = +staff, +webadmin
   create mode = 0775

#############################################
### The file.....with only other shares removed.
# more /etc/samba/smb.conf
[global]
   workgroup = UOCNT
   realm = CANTERBURY.AC.NZ
   server string = CSSE Samba
   security = ADS
   log file = /var/log/samba/%m.log
   max log size = 300
   local master = No
   wins server = eth0:IP_address, eth0:Alternate_IP_Address
   hosts allow = 127., 132.181., 10.

[homes]
   comment = Home Directories
   read only = No
   create mask = 0700
   directory mask = 0750

[www]
   comment = WWW directory
   path = /export/netfs/www
   read list = +staff, +webadmin
   write list = +staff, +webadmin
   read only = No
   create mask = 0775
============================================

--
-------------------------------------------------------------------
Peter Glassenbury            Computer Science department
pete@cosc.canterbury.ac.nz   University of Canterbury
+64 3 3642987 ext 7762       New Zealand
Peter Glassenbury (CSSE)
2008-Oct-15 20:49 UTC
[Samba] Re: Unix groups not being recognised
I got no answers other than a "metoo" for this...so maybe it IS
a tricky problem and not just a config error...
Can someone give any pointers on how to debug further...
I am rather stuck on what to do next.

Thanks
Pete
Peter Glassenbury (CSSE)
2008-Nov-04 23:15 UTC
[Samba] Re: [Solution] samba v2 works, v3 does not - Unix groups
Thanks to Redhat support who supplied the answer.

I had two problems -- a winbindd was starting up when I had no need
to use it (I think). Turning it off properly (chkconfig) made things
consistent (but not working)

The fix was simple as I knew it should (everyone else must have it working)
I just couldn't work out what.
The smb.conf entries didn't have the server name in front of the group.

====From RH support==========
In smb.conf you want to use -

   valid users = @"AD_DOMAIN\webadmin", @"Netbios Name\staff"
   write list = @"Netbios Name\staff"
===============================

I knew that v3 needed the active directory domain when using group
access \\AD_DOMAIN\groupname but I wanted the unix groups.
I overlooked the other one because we don't have netbios anywhere....
Well, it appears that the "Netbios Name" is the Unix hostname (not FQDN)
by default and I needed @HOSTNAME\staff and all worked.
The "Netbios Name" can be defined in smb.conf (I don't know why unless
your hostname is too long or something to make it an invalid netbios name)

Pete
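A way to check a configuration for the problem resolved in this thread, as an added example that is not part of the original posts: the script below scans smb.conf text for group entries in the access-list parameters that carry no `NAME\` qualifier and proposes the `@"NAME\group"` form quoted from RH support. The function names, the `LIST_PARAMS` selection and the two sample configurations are assumptions built from the thread's `[www]` share; `HOSTNAME` is the placeholder used in the final post.

```python
import re

# Parameters whose values are user/group lists in smb.conf.
LIST_PARAMS = {"valid users", "invalid users", "read list", "write list", "admin users"}
TOKEN = re.compile(r'[@+&]*"[^"]*"|[^\s,"]+')  # quoted names may contain spaces

def parse_sections(text):
    """Parse smb.conf text into {section: {param: value}}; '#' and ';' lines are comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def unqualified_groups(text, netbios_name):
    """Return (section, param, entry, suggestion) for group entries lacking a 'NAME\\' prefix."""
    findings = []
    for section, params in parse_sections(text).items():
        for param in sorted(LIST_PARAMS & params.keys()):
            for entry in TOKEN.findall(params[param]):
                name = entry.lstrip("@+&")
                is_group = name != entry  # a leading @, + or & marks a group lookup
                name = name.strip('"')
                if is_group and "\\" not in name:
                    findings.append((section, param, entry, f'@"{netbios_name}\\{name}"'))
    return findings

# Constructed samples: the [www] share as first posted, then with qualified groups.
BEFORE = r"""
[www]
   path = /export/netfs/www
;  valid users = +staff
   read list = +staff, +webadmin
   write list = +staff, +webadmin
"""
AFTER = r"""
[www]
   path = /export/netfs/www
   valid users = @"AD_DOMAIN\webadmin", @"HOSTNAME\staff"
   write list = @"HOSTNAME\staff"
"""

if __name__ == "__main__":
    for finding in unqualified_groups(BEFORE, "HOSTNAME"):
        print(*finding)
```

The suggestion always uses the name passed in; whether a given group belongs under the AD domain or under the server's NetBIOS name depends on where that group is defined, so review each proposed entry before applying it.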