samba - Jan 1999 - Samba 2.0 User Authentication

Hi folks,

we're running Samba 2.0 on a SuSE 5.3 based System and I have two
questions about an authentication issue:

1: I cannot connect to SWAT as user root because of authentication
failure ("invalid password"). We're using shadow password and I
compiled
the Samba-suite with "-Wshadow".

2. We've a share to which every user connects as himself. File
permissions on the UNIX side are that the owner is root with no
permissions to anyone und the owner and read-write permissions for the
group. Of course this works fine locally. The User connects from NT
Workstation, his password is checked against the PDC in the network.

Example:
----rwx---   1 root     developer         575 Jan 30 16:38 file.html
----rwx---   1 root     controller          575 Jan 30 16:38
another_file.html

So everyone in the group developer or controller respectively should be
able to write the file. Howerver every user belongs to the primary group
'users' and but the secondary group 'developers'. The problem
is, that a
user from the developer group can read the file but not write it.
smbstatus tells me that the user is connected with his username and the
'user' group. Opening the Properties dialog on the NT side shows a
write-protected flag.

Any ideas appreciated, thanks a lot,

Christian

Hi all,

>So everyone in the group developer or controller respectively should be
>able to write the file. Howerver every user belongs to the primary group
>'users' and but the secondary group 'developers'. The
problem is, that a
>user from the developer group can read the file but not write it.
This is classic Samba.

It's been like this since as long as I can remember (well 1.9.15p8
anyway :) ).


Samba doesn't support the additional groups as defined in /etc/groups
(or your NIS (etc.) equivalent).  Only the primary group as defined in
'/etc/passwd'


The group id for any given share can be changed with 'force group'.
(although for various reasons I always use 'force user', not least
because then the inode cna be written allowing 'mtime' to be written)



I dunno, but I'm guessing that getting Samba to fully support
multi-groups would be a major modification.



                               Mac
          Assistant Systems Adminstrator @nibsc.ac.uk
                        dmccann@nibsc.ac.uk
   Work: +44 1707 654753 x285      Everything else: +44 956 237670 (anytime)

I have no problems with secondary groups and SAMBA 1.9.18p10 and SOlaris
2.4/2.7.
SAMAB recognises all the groups that a user is in, and allows relevant
access via UNIX permissions OR SAMBA permissions defined in "write
list"

Robert