Samba DM config below.
Directories with setgid:

$ ll /home4/group
total 32
drwxrws--- 7 NIS\nisadmin NIS\audio 4096 Jul 24 14:14 audio
drwxrwx--- 2 NIS\nisadmin NIS\dok-sprava 4096 Jul 21 09:23 dok-sprava
drwxrwx--- 2 NIS\nisadmin NIS\poj 4096 Jul 23 08:38 poj
drwxrwx--- 2 NIS\nisadmin NIS\projekty 4096 Jul 23 09:14 projekty

When a user creates a file/dir directly on linux, the files have the correct group:

$ mkdir /home4/group/audio/test1dir
$ touch /home4/group/audio/test1file
$ ll /home4/group/audio
total 4
drwxr-sr-x 2 NIS\test1 NIS\audio 4096 Jul 24 08:15 test1dir
-rw-r--r-- 1 NIS\test1 NIS\audio 0 Jul 24 08:16 test1file

But when the same user creates files when logged into windows:

windows:
T:\audio>mkdir test1dir2
T:\audio>echo test > test1file2

linux:

$ ll /home4/group/audio
total 40
drwxr-sr-x 2 NIS\test1 NIS\audio 4096 Jul 24 08:15 test1dir
drwxrwsr-x+ 2 NIS\test1 NIS\domain users 4096 Jul 24 12:35 test1dir2
-rw-r--r-- 1 NIS\test1 NIS\audio 0 Jul 24 08:16 test1file
-rwxrwxr-x+ 1 NIS\test1 NIS\domain users 7 Jul 24 12:35 test1file2

there is the "NIS\\domain users" group instead of the expected and needed
"NIS\\audio" group.

Where can the problem be?

Thanks, Michal

smb.conf on samba4 DM:
[global]
security = ADS
workgroup = NIS
realm = uhn.nemuh.cz
winbind offline logon = yes
winbind enum users = yes
winbind enum groups = yes
..
log file = /var/log/samba/%m.log
log level = 1

idmap config * : backend = tdb
idmap config * : range = 10000-19999
idmap config ad

# idmap config for the NIS domain
idmap config NIS:backend = ad
idmap config NIS:schema_mode = rfc2307
idmap config NIS:range = 100-9999
idmap config NIS:unix_nss_info = yes
username map = /usr/local/samba/etc/user.map

vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes

hide unreadable = Yes

root preexec = /usr/local/bin/RPE4 '%u' 'GLOBALS' '%m' '%a'

ea support = yes


# Rowland
#Users/groups who have write access to the file can modify
# the permissions (incl. ACL)
#Ownership of file/dir may also be changed
#Default: no (disable)
dos filemode = yes
# must set (map [hidden|archive|system|read only]) = no
# Enabled: store DOS attributes onto user.DOSATTRIB file
# file system must be mounted with user_xattr
# extended attributes must be compiled into the Linux kernel
store dos attributes = yes
#these depend on (create mask), however, refer to (store dos attributes)
map hidden = no
map archive = no
map system = no
map read only = no
# map “inherit” and “protected” flags in Windows ACLs into extended
#attribute file called user.SAMBA_PAI
map acl inherit = yes
# Turn on unix extensions
unix extensions = yes
## end Rowland

[home4]
path = /home4/
read only = no
root preexec = /usr/local/bin/RPE4 '%u' 'HOME4' '%m' '%a'

[users]
path=/home/
read only = no
root preexec = /usr/local/bin/RPE4 '%u' 'USERS' '%m' '%a'

[profiles]
path = /profiles/
read only = no
root preexec = /usr/local/bin/RPE4 '%u' 'PROFILES' '%m' '%a'
browseable = No
force create mode = 0660
force directory mode = 0770
csc policy = disable
store dos attributes = yes
vfs objects = acl_xattr

[groups]
path=/home4/group
read only=no
root preexec = /usr/local/bin/RPE4 '%u' 'GROUPS' '%m' '%a'
browseable = No
force create mode = 0660
force directory mode = 0770
store dos attributes = yes
vfs objects = acl_xattr

On Tue, 24 Jul 2018 14:38:31 +0200
Michal via samba <samba at lists.samba.org> wrote:

> Samba DM config below.
> Directories with setgid:
>
> $ ll /home4/group
> total 32
> drwxrws--- 7 NIS\nisadmin NIS\audio 4096 Jul 24 14:14 audio
> drwxrwx--- 2 NIS\nisadmin NIS\dok-sprava 4096 Jul 21 09:23 dok-sprava
> drwxrwx--- 2 NIS\nisadmin NIS\poj 4096 Jul 23 08:38 poj
> drwxrwx--- 2 NIS\nisadmin NIS\projekty 4096 Jul 23 09:14 projekty
>
> When a user creates a file/dir directly on linux, the files have the correct
> group:
>
> $ mkdir /home4/group/audio/test1dir
> $ touch /home4/group/audio/test1file
> $ ll /home4/group/audio
> total 4
> drwxr-sr-x 2 NIS\test1 NIS\audio 4096 Jul 24 08:15 test1dir
> -rw-r--r-- 1 NIS\test1 NIS\audio 0 Jul 24 08:16 test1file
>
> But when the same user creates files when logged into windows:
>
> windows:
> T:\audio>mkdir test1dir2
> T:\audio>echo test > test1file2
>
> linux:
>
> $ ll /home4/group/audio
> total 40
> drwxr-sr-x 2 NIS\test1 NIS\audio 4096 Jul 24 08:15 test1dir
> drwxrwsr-x+ 2 NIS\test1 NIS\domain users 4096 Jul 24 12:35 test1dir2
> -rw-r--r-- 1 NIS\test1 NIS\audio 0 Jul 24 08:16 test1file
> -rwxrwxr-x+ 1 NIS\test1 NIS\domain users 7 Jul 24 12:35 test1file2
>
> there is the "NIS\\domain users" group instead of the expected and needed
> "NIS\\audio" group.

This is to be expected with your smb.conf

>
> Where can the problem be?
>
> Thanks, Michal
>
> smb.conf on samba4 DM:
> [global]
> security = ADS
> workgroup = NIS
> realm = uhn.nemuh.cz
> winbind offline logon = yes
> winbind enum users = yes
> winbind enum groups = yes
> ..
> log file = /var/log/samba/%m.log
> log level = 1
>
> idmap config * : backend = tdb
> idmap config * : range = 10000-19999
> idmap config ad
>
> # idmap config for the NIS domain
> idmap config NIS:backend = ad
> idmap config NIS:schema_mode = rfc2307
> idmap config NIS:range = 100-9999
> idmap config NIS:unix_nss_info = yes

try adding:

idmap config NIS:unix_primary_group = yes

Rowland

2018-07-24 15:12 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:

> On Tue, 24 Jul 2018 14:38:31 +0200
> Michal via samba <samba at lists.samba.org> wrote:
>
> > Samba DM config below.
> > Directories with setgid:
> >
> > $ ll /home4/group
> > total 32
> > drwxrws--- 7 NIS\nisadmin NIS\audio 4096 Jul 24 14:14 audio
> > drwxrwx--- 2 NIS\nisadmin NIS\dok-sprava 4096 Jul 21 09:23 dok-sprava
> > drwxrwx--- 2 NIS\nisadmin NIS\poj 4096 Jul 23 08:38 poj
> > drwxrwx--- 2 NIS\nisadmin NIS\projekty 4096 Jul 23 09:14 projekty
> >
> > When a user creates a file/dir directly on linux, the files have the correct
> > group:
> >
> > $ mkdir /home4/group/audio/test1dir
> > $ touch /home4/group/audio/test1file
> > $ ll /home4/group/audio
> > total 4
> > drwxr-sr-x 2 NIS\test1 NIS\audio 4096 Jul 24 08:15 test1dir
> > -rw-r--r-- 1 NIS\test1 NIS\audio 0 Jul 24 08:16 test1file
> >
> > But when the same user creates files when logged into windows:
> >
> > windows:
> > T:\audio>mkdir test1dir2
> > T:\audio>echo test > test1file2
> >
> > linux:
> >
> > $ ll /home4/group/audio
> > total 40
> > drwxr-sr-x 2 NIS\test1 NIS\audio 4096 Jul 24 08:15 test1dir
> > drwxrwsr-x+ 2 NIS\test1 NIS\domain users 4096 Jul 24 12:35 test1dir2
> > -rw-r--r-- 1 NIS\test1 NIS\audio 0 Jul 24 08:16 test1file
> > -rwxrwxr-x+ 1 NIS\test1 NIS\domain users 7 Jul 24 12:35 test1file2
> >
> > there is the "NIS\\domain users" group instead of the expected and needed
> > "NIS\\audio" group.
>
> This is to be expected with your smb.conf
>
> >
> > Where can the problem be?
> >
> > Thanks, Michal
> >
> > smb.conf on samba4 DM:
> > [global]
> > security = ADS
> > workgroup = NIS
> > realm = uhn.nemuh.cz
> > winbind offline logon = yes
> > winbind enum users = yes
> > winbind enum groups = yes
> > ..
> > log file = /var/log/samba/%m.log
> > log level = 1
> >
> > idmap config * : backend = tdb
> > idmap config * : range = 10000-19999
> > idmap config ad
> >
> > # idmap config for the NIS domain
> > idmap config NIS:backend = ad
> > idmap config NIS:schema_mode = rfc2307
> > idmap config NIS:range = 100-9999
> > idmap config NIS:unix_nss_info = yes
>
> try adding:
>
> idmap config NIS:unix_primary_group = yes
>

Did not help :-(
(smbd restarted, user logged into windows again)

Michal

> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>

To be honest, in my previous tests this user's (user test1) new files were
created with the NIS\audio group as expected; but the other user's files (user
amistest) were created with the "NIS\domain users" group (in the same "audio"
directory). This lasted a few days. It looked like

drwxr-sr-x 2 NIS\amistest NIS\audio 4096 Jul 24 08:17 amistestdir
drwxrwsr-x+ 2 NIS\amistest NIS\domain users 4096 Jul 24 11:48 amistestdir2 -> why NOT NIS\audio group?
-rw-r--r-- 1 NIS\amistest NIS\audio 0 Jul 24 08:17 amistestfile
-rwxrwxr-x+ 1 NIS\amistest NIS\domain users 7 Jul 24 11:49 amistestfile2 -> why NOT NIS\audio group?
drwxr-sr-x 2 NIS\test1 NIS\audio 4096 Jul 24 08:15 test1dir
-rw-r--r-- 1 NIS\test1 NIS\audio 0 Jul 24 08:16 test1file

But while I was writing my initial post about this topic, files of both these
users started to have the "NIS\domain users" group. I am not aware of a change
which could be the reason.

Michal

2018-07-24 15:12 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:

> On Tue, 24 Jul 2018 14:38:31 +0200
> Michal via samba <samba at lists.samba.org> wrote:
>
> > Samba DM config below.
> > Directories with setgid:
> >
> > $ ll /home4/group
> > total 32
> > drwxrws--- 7 NIS\nisadmin NIS\audio 4096 Jul 24 14:14 audio
> > drwxrwx--- 2 NIS\nisadmin NIS\dok-sprava 4096 Jul 21 09:23 dok-sprava
> > drwxrwx--- 2 NIS\nisadmin NIS\poj 4096 Jul 23 08:38 poj
> > drwxrwx--- 2 NIS\nisadmin NIS\projekty 4096 Jul 23 09:14 projekty
> >
> > When a user creates a file/dir directly on linux, the files have the correct
> > group:
> >
> > $ mkdir /home4/group/audio/test1dir
> > $ touch /home4/group/audio/test1file
> > $ ll /home4/group/audio
> > total 4
> > drwxr-sr-x 2 NIS\test1 NIS\audio 4096 Jul 24 08:15 test1dir
> > -rw-r--r-- 1 NIS\test1 NIS\audio 0 Jul 24 08:16 test1file
> >
> > But when the same user creates files when logged into windows:
> >
> > windows:
> > T:\audio>mkdir test1dir2
> > T:\audio>echo test > test1file2
> >
> > linux:
> >
> > $ ll /home4/group/audio
> > total 40
> > drwxr-sr-x 2 NIS\test1 NIS\audio 4096 Jul 24 08:15 test1dir
> > drwxrwsr-x+ 2 NIS\test1 NIS\domain users 4096 Jul 24 12:35 test1dir2
> > -rw-r--r-- 1 NIS\test1 NIS\audio 0 Jul 24 08:16 test1file
> > -rwxrwxr-x+ 1 NIS\test1 NIS\domain users 7 Jul 24 12:35 test1file2
> >
> > there is the "NIS\\domain users" group instead of the expected and needed
> > "NIS\\audio" group.
>
> This is to be expected with your smb.conf
>
> >
> > Where can the problem be?
> >
> > Thanks, Michal
> >
> > smb.conf on samba4 DM:
> > [global]
> > security = ADS
> > workgroup = NIS
> > realm = uhn.nemuh.cz
> > winbind offline logon = yes
> > winbind enum users = yes
> > winbind enum groups = yes
> > ..
> > log file = /var/log/samba/%m.log
> > log level = 1
> >
> > idmap config * : backend = tdb
> > idmap config * : range = 10000-19999
> > idmap config ad
> >
> > # idmap config for the NIS domain
> > idmap config NIS:backend = ad
> > idmap config NIS:schema_mode = rfc2307
> > idmap config NIS:range = 100-9999
> > idmap config NIS:unix_nss_info = yes
>
> try adding:
>
> idmap config NIS:unix_primary_group = yes
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>

On Tuesday, 24 July 2018, 14:38:31 CEST, Michal via samba wrote:

> Samba DM config below.
> Directories with setgid:
>
> $ ll /home4/group
> total 32
> drwxrws--- 7 NIS\nisadmin NIS\audio 4096 Jul 24 14:14 audio
> drwxrwx--- 2 NIS\nisadmin NIS\dok-sprava 4096 Jul 21 09:23 dok-sprava
> drwxrwx--- 2 NIS\nisadmin NIS\poj 4096 Jul 23 08:38 poj
> drwxrwx--- 2 NIS\nisadmin NIS\projekty 4096 Jul 23 09:14 projekty
>
> When a user creates a file/dir directly on linux, the files have the correct
> group:
>
> $ mkdir /home4/group/audio/test1dir
> $ touch /home4/group/audio/test1file
> $ ll /home4/group/audio
> total 4
> drwxr-sr-x 2 NIS\test1 NIS\audio 4096 Jul 24 08:15 test1dir
> -rw-r--r-- 1 NIS\test1 NIS\audio 0 Jul 24 08:16 test1file
>
> But when the same user creates files when logged into windows:
>
> windows:
> T:\audio>mkdir test1dir2
> T:\audio>echo test > test1file2
>
> linux:
>
> $ ll /home4/group/audio
> total 40
> drwxr-sr-x 2 NIS\test1 NIS\audio 4096 Jul 24 08:15 test1dir
> drwxrwsr-x+ 2 NIS\test1 NIS\domain users 4096 Jul 24 12:35 test1dir2
> -rw-r--r-- 1 NIS\test1 NIS\audio 0 Jul 24 08:16 test1file
> -rwxrwxr-x+ 1 NIS\test1 NIS\domain users 7 Jul 24 12:35 test1file2
>
> there is the "NIS\\domain users" group instead of the expected and needed
> "NIS\\audio" group.
>
> Where can the problem be?

Maybe there is no problem? Check the extended acls:

getfacl /home4/group/audio/{test1dir2,test1file2}

> Thanks, Michal
>
> smb.conf on samba4 DM:
> [global]
> security = ADS
> workgroup = NIS
> realm = uhn.nemuh.cz
> winbind offline logon = yes
> winbind enum users = yes
> winbind enum groups = yes
> ..
> log file = /var/log/samba/%m.log
> log level = 1
>
> idmap config * : backend = tdb
> idmap config * : range = 10000-19999
> idmap config ad
>
> # idmap config for the NIS domain
> idmap config NIS:backend = ad
> idmap config NIS:schema_mode = rfc2307
> idmap config NIS:range = 100-9999
> idmap config NIS:unix_nss_info = yes
> username map = /usr/local/samba/etc/user.map
>
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
>
> hide unreadable = Yes
>
> root preexec = /usr/local/bin/RPE4 '%u' 'GLOBALS' '%m' '%a'
>
> ea support = yes
>
>
> # Rowland
> #Users/groups who have write access to the file can modify
> # the permissions (incl. ACL)
> #Ownership of file/dir may also be changed
> #Default: no (disable)
> dos filemode = yes
> # must set (map [hidden|archive|system|read only]) = no
> # Enabled: store DOS attributes onto user.DOSATTRIB file
> # file system must be mounted with user_xattr
> # extended attributes must be compiled into the Linux kernel
> store dos attributes = yes
> #these depend on (create mask), however, refer to (store dos attributes)
> map hidden = no
> map archive = no
> map system = no
> map read only = no
> # map “inherit” and “protected” flags in Windows ACLs into extended
> #attribute file called user.SAMBA_PAI
> map acl inherit = yes
> # Turn on unix extensions
> unix extensions = yes
> ## end Rowland
>
> [home4]
> path = /home4/
> read only = no
> root preexec = /usr/local/bin/RPE4 '%u' 'HOME4' '%m' '%a'
>
> [users]
> path=/home/
> read only = no
> root preexec = /usr/local/bin/RPE4 '%u' 'USERS' '%m' '%a'
>
> [profiles]
> path = /profiles/
> read only = no
> root preexec = /usr/local/bin/RPE4 '%u' 'PROFILES' '%m' '%a'
> browseable = No
> force create mode = 0660
> force directory mode = 0770
> csc policy = disable
> store dos attributes = yes
> vfs objects = acl_xattr
>
> [groups]
> path=/home4/group
> read only=no
> root preexec = /usr/local/bin/RPE4 '%u' 'GROUPS' '%m' '%a'
> browseable = No
> force create mode = 0660
> force directory mode = 0770
> store dos attributes = yes
> vfs objects = acl_xattr

--
Regards
Harry Jede

2018-07-24 16:42 GMT+02:00 Harry Jede <walk2sun at arcor.de>:

> On Tuesday, 24 July 2018, 14:38:31 CEST, Michal via samba wrote:
> > > Samba DM config below.
> > > Directories with setgid:
> > >
> > > $ ll /home4/group
> > > total 32
> > > drwxrws--- 7 NIS\nisadmin NIS\audio 4096 Jul 24 14:14 audio
> > > drwxrwx--- 2 NIS\nisadmin NIS\dok-sprava 4096 Jul 21 09:23 dok-sprava
> > > drwxrwx--- 2 NIS\nisadmin NIS\poj 4096 Jul 23 08:38 poj
> > > drwxrwx--- 2 NIS\nisadmin NIS\projekty 4096 Jul 23 09:14 projekty
> > >
> > > When a user creates a file/dir directly on linux, the files have the correct
> > > group:
> > >
> > > $ mkdir /home4/group/audio/test1dir
> > > $ touch /home4/group/audio/test1file
> > > $ ll /home4/group/audio
> > > total 4
> > > drwxr-sr-x 2 NIS\test1 NIS\audio 4096 Jul 24 08:15 test1dir
> > > -rw-r--r-- 1 NIS\test1 NIS\audio 0 Jul 24 08:16 test1file
> > >
> > > But when the same user creates files when logged into windows:
> > >
> > > windows:
> > > T:\audio>mkdir test1dir2
> > > T:\audio>echo test > test1file2
> > >
> > > linux:
> > >
> > > $ ll /home4/group/audio
> > > total 40
> > > drwxr-sr-x 2 NIS\test1 NIS\audio 4096 Jul 24 08:15 test1dir
> > > drwxrwsr-x+ 2 NIS\test1 NIS\domain users 4096 Jul 24 12:35 test1dir2
> > > -rw-r--r-- 1 NIS\test1 NIS\audio 0 Jul 24 08:16 test1file
> > > -rwxrwxr-x+ 1 NIS\test1 NIS\domain users 7 Jul 24 12:35 test1file2
> > >
> > > there is the "NIS\\domain users" group instead of the expected and needed
> > > "NIS\\audio" group.
> > >
> > > Where can the problem be?
> > Maybe there is no problem? Check the extended acls:
> >
> > getfacl /home4/group/audio/{test1dir2,test1file2}
> >
> >

I think there is a problem:

getfacl /home4/group/audio/test1dir2
getfacl: Removing leading '/' from absolute path names
# file: home4/group/audio/test1dir2
# owner: NIS\134test1
# group: NIS\134domain\040users
# flags: -s-
user::rwx
user:NIS\134test1:rwx
group::rwx
group:NIS\134domain\040users:rwx
mask::rwx
other::r-x
default:user::rwx
default:user:NIS\134test1:rwx
default:group::rwx
default:group:NIS\134domain\040users:rwx
default:mask::rwx
default:other::r-x

(I've already deleted testfile2.)
There is no mention of the NIS\audio group at all. And there is no reason for
NIS\domain users to have any rights there (in fact, I do not want any
other group to have any rights there).

Michal

> > > Thanks, Michal
> > >
> > > smb.conf on samba4 DM:
> > > [global]
> > > security = ADS
> > > workgroup = NIS
> > > realm = uhn.nemuh.cz
> > > winbind offline logon = yes
> > > winbind enum users = yes
> > > winbind enum groups = yes
> > > ..
> > > log file = /var/log/samba/%m.log
> > > log level = 1
> > >
> > > idmap config * : backend = tdb
> > > idmap config * : range = 10000-19999
> > > idmap config ad
> > >
> > > # idmap config for the NIS domain
> > > idmap config NIS:backend = ad
> > > idmap config NIS:schema_mode = rfc2307
> > > idmap config NIS:range = 100-9999
> > > idmap config NIS:unix_nss_info = yes
> > > username map = /usr/local/samba/etc/user.map
> > >
> > > vfs objects = acl_xattr
> > > map acl inherit = yes
> > > store dos attributes = yes
> > >
> > > hide unreadable = Yes
> > >
> > > root preexec = /usr/local/bin/RPE4 '%u' 'GLOBALS' '%m' '%a'
> > >
> > > ea support = yes
> > >
> > >
> > > # Rowland
> > > #Users/groups who have write access to the file can modify
> > > # the permissions (incl. ACL)
> > > #Ownership of file/dir may also be changed
> > > #Default: no (disable)
> > > dos filemode = yes
> > > # must set (map [hidden|archive|system|read only]) = no
> > > # Enabled: store DOS attributes onto user.DOSATTRIB file
> > > # file system must be mounted with user_xattr
> > > # extended attributes must be compiled into the Linux kernel
> > > store dos attributes = yes
> > > #these depend on (create mask), however, refer to (store dos attributes)
> > > map hidden = no
> > > map archive = no
> > > map system = no
> > > map read only = no
> > > # map “inherit” and “protected” flags in Windows ACLs into extended
> > > #attribute file called user.SAMBA_PAI
> > > map acl inherit = yes
> > > # Turn on unix extensions
> > > unix extensions = yes
> > > ## end Rowland
> > >
> > > [home4]
> > > path = /home4/
> > > read only = no
> > > root preexec = /usr/local/bin/RPE4 '%u' 'HOME4' '%m' '%a'
> > >
> > > [users]
> > > path=/home/
> > > read only = no
> > > root preexec = /usr/local/bin/RPE4 '%u' 'USERS' '%m' '%a'
> > >
> > > [profiles]
> > > path = /profiles/
> > > read only = no
> > > root preexec = /usr/local/bin/RPE4 '%u' 'PROFILES' '%m' '%a'
> > > browseable = No
> > > force create mode = 0660
> > > force directory mode = 0770
> > > csc policy = disable
> > > store dos attributes = yes
> > > vfs objects = acl_xattr
> > >
> > > [groups]
> > > path=/home4/group
> > > read only=no
> > > root preexec = /usr/local/bin/RPE4 '%u' 'GROUPS' '%m' '%a'
> > > browseable = No
> > > force create mode = 0660
> > > force directory mode = 0770
> > > store dos attributes = yes
> > > vfs objects = acl_xattr
> > >
> > --
> >
> > Regards
> > Harry Jede
>
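
Added example (not from the thread or from the Samba project): a Python parser for the getfacl output posted in the last message, which undoes the \134 and \040 octal escapes and lists every entry that grants rights to a group other than the one the directory is meant for. The function names and the expected-group argument are assumptions of this example; the sample input is the output quoted in that message.

```python
import re

# getfacl output as posted in the thread (backslash and space are octal-escaped).
SAMPLE = r"""# file: home4/group/audio/test1dir2
# owner: NIS\134test1
# group: NIS\134domain\040users
# flags: -s-
user::rwx
user:NIS\134test1:rwx
group::rwx
group:NIS\134domain\040users:rwx
mask::rwx
other::r-x
default:user::rwx
default:user:NIS\134test1:rwx
default:group::rwx
default:group:NIS\134domain\040users:rwx
default:mask::rwx
default:other::r-x
"""

def unescape(name):
    # getfacl prints special characters as \ooo: \134 is a backslash, \040 a space.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), name)

def parse_getfacl(text):
    """Return header fields plus 'entries': [(is_default, tag, name, perms)]."""
    acl = {"entries": []}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# "):                      # "# owner: ..." header lines
            key, _, value = line[2:].partition(": ")
            acl[key] = unescape(value)
            continue
        line = line.split("#")[0].strip()              # drop "#effective:" notes
        is_default = line.startswith("default:")
        tag, _, rest = line[8 if is_default else 0:].partition(":")
        name, _, perms = rest.rpartition(":")
        if tag in ("user", "group", "mask", "other"):  # skips blanks and stderr noise
            acl["entries"].append((is_default, tag, unescape(name), perms))
    return acl

def audit(acl, expected_group):
    """List what deviates from 'only expected_group may have group rights'."""
    findings = []
    if acl.get("group") != expected_group:
        findings.append(f"owning group is {acl.get('group')!r}, expected {expected_group!r}")
    for is_default, tag, name, perms in acl["entries"]:
        scope = "default" if is_default else "access"
        if tag == "group" and name and name != expected_group and perms != "---":
            findings.append(f"{scope} ACL grants {perms} to group {name!r}")
        if tag == "other" and perms != "---":
            findings.append(f"{scope} ACL grants {perms} to other")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_getfacl(SAMPLE), "NIS\\audio"):
        print(finding)
```

Entries under "default:" are reported separately because they are what newly created children of the directory inherit.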