I'm wondering if this is a bug or if I'm not understanding this correctly. I've setup Samba with Winbind to work with a Win2K Server. Everything is working fine with a few exceptions. I'm using samba-2.2.3-pre2 from CVS on Redhat 7.2. What I'm having a problem with is that if I enable the 'admin users' directive on a share that I'm using the 'force group' directive anyone that is a member of the admin user list ignores the force group. Anyone else pays attention to it and it works fine. For example if I have the following share config: [ashare] path = /home/samba/ashare public = yes writable = no printable = no write list = @DOMAIN+Domain\ Admins @DOMAIN+AUserGroup force group = @DOMAIN+Domain\ Admins admin users = @DOMAIN+Domain\ Admins create mask = 0775 directory mask = 0775 Now if I logon as someone that is a member of Domain Admins and create a file the file is created with root as the owner (which I expect) but Domain Users as the group. If I create a file as anyone else then it is created with that user as the owner and Domain Admins as the group. One other question. I can't seem to find a consistent way to use Win2K groups. With some directives it understands the \ escape character and can be typed as above, but with others it does not and puts errors in the logs to the effect "group DOMAIN+Domain\ not found". But when I enter some of these as @"DOMAIN+Domain Admins" then it works fine and doesn't cause errors in the logs. Any help here is appreciated. Thanks, Brian W.
Can anyone verify this problem? Are any of the development team members reading this to tell me if this is a 'feature' or a 'bug'? Someone please test this and tell me if it's just a config problem on my end. Brian W. ----- Original Message ----- From: "Brian Whitehead" <bwhitehead@ddyinc.com> To: <samba@lists.samba.org> Sent: Sunday, January 13, 2002 10:40 PM Subject: BUG? admin users= ignoring force group> > I'm wondering if this is a bug or if I'm not understanding this correctly. > I've setup Samba with Winbind to work with a Win2K Server. Everything is > working fine with a few exceptions. I'm using samba-2.2.3-pre2 from CVSon> Redhat 7.2. > > What I'm having a problem with is that if I enable the 'admin users' > directive on a share that I'm using the 'force group' directive anyonethat> is a member of the admin user list ignores the force group. Anyone elsepays> attention to it and it works fine. > > For example if I have the following share config: > > [ashare] > path = /home/samba/ashare > public = yes > writable = no > printable = no > write list = @DOMAIN+Domain\ Admins @DOMAIN+AUserGroup > force group = @DOMAIN+Domain\ Admins > admin users = @DOMAIN+Domain\ Admins > create mask = 0775 > directory mask = 0775 > > Now if I logon as someone that is a member of Domain Admins and create afile> the file is created with root as the owner (which I expect) but DomainUsers> as the group. If I create a file as anyone else then it is created withthat> user as the owner and Domain Admins as the group. > > One other question. I can't seem to find a consistent way to use Win2K > groups. With some directives it understands the \ escape character andcan> be typed as above, but with others it does not and puts errors in the logsto> the effect "group DOMAIN+Domain\ not found". But when I enter some ofthese> as @"DOMAIN+Domain Admins" then it works fine and doesn't cause errors inthe> logs. > > Any help here is appreciated. > > Thanks, > Brian W. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba
On Mon, 14 Jan 2002, Brian Whitehead wrote:> > I'm wondering if this is a bug or if I'm not understanding this correctly. > I've setup Samba with Winbind to work with a Win2K Server. Everything is > working fine with a few exceptions. I'm using samba-2.2.3-pre2 from CVS on > Redhat 7.2. > > What I'm having a problem with is that if I enable the 'admin users' > directive on a share that I'm using the 'force group' directive anyone that > is a member of the admin user list ignores the force group. Anyone else pays > attention to it and it works fine.Maybe just a documentation bug. I'll look into it as soon as I can (maybe tomorrow?). chau, jerry> > For example if I have the following share config: > > [ashare] > path = /home/samba/ashare > public = yes > writable = no > printable = no > write list = @DOMAIN+Domain\ Admins @DOMAIN+AUserGroup > force group = @DOMAIN+Domain\ Admins > admin users = @DOMAIN+Domain\ Admins > create mask = 0775 > directory mask = 0775 > > Now if I logon as someone that is a member of Domain Admins and create a file > the file is created with root as the owner (which I expect) but Domain Users > as the group. If I create a file as anyone else then it is created with that > user as the owner and Domain Admins as the group. > > One other question. I can't seem to find a consistent way to use Win2K > groups. With some directives it understands the \ escape character and can > be typed as above, but with others it does not and puts errors in the logs to > the effect "group DOMAIN+Domain\ not found". But when I enter some of these > as @"DOMAIN+Domain Admins" then it works fine and doesn't cause errors in the > logs. > > Any help here is appreciated. > > Thanks, > Brian W. > >-- --------------------------------------------------------------------- Hewlett-Packard http://www.hp.com SAMBA Team http://www.samba.org -- http://www.plainjoe.org "Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2 --"I never saved anything for the swim back." Ethan Hawk in Gattaca--