Hi there.

I have set up a Samba 2.2.5 Server with LDAP support. I don't want local system users, so I also set up PAM authentication against ldap. This works fine, Machine Trusts and Users are not needed to be local (in /etc/passwd or /etc/group). The same with Groups. Now here is my Problem.

Example:

Assume two users, alice and bob, and two groups, alice-group and bob-group, which are all represented in ldap.
alice has primary group alice-group
bob has bob-group
bob has no secondary group membership
alice is group member in bob-group

Assume two directories, like:

drwxr-x--- 2 alice alice-group 4096 Sep 24 07:43 alice-dir
drwxr-x--- 2 bob bob-group 4096 Sep 24 07:43 bob-dir

Remember, both users and groups only exist in ldap, not in /etc/passwd or /etc/group.

When alice logs in on the linux box, everything works as it should, that means, alice can cd into alice-dir as well as into bob-dir. bob can only cd into bob-dir.

When alice tries to access these files over a smb share (the same user, the same files!), she can only cd into alice-dir, not into bob-dir - That means, groups and users are well recognized by samba (and, of course, by the system itself) but the group-membership mapping only works in the shell, not with samba.

Can anybody give me a hint what this problem is about? Or how I can fix it? Or at least, who I can ask? Is this a bug or did I forget something?

Thank you all in advance,
kind regards,
Philip Poten
NSC - NetworkServiceCenter
2002-Sep-25 05:40 UTC
[Samba] LDAP Group Mapping Problem w/ Samba 2.2.5
hi!

let us see your share definition in smb.conf! are you sure that you didn't restrict access at share?

lg thomas

> Hi there.
>
> I have set up a Samba 2.2.5 Server with LDAP support. I don't want
> local system users, so I also set up PAM authentication against ldap.
> This works fine, Machine Trusts and Users are not needed to be local
> (in /etc/passwd or /etc/group). The same with Groups. Now here is my
> Problem.
>
> Example:
>
> Assume two users, alice and bob, and two groups, alice-group and
> bob-group, which are all represented in ldap.
> alice has primary group alice-group
> bob has bob-group
> bob has no secondary group membership
> alice is group member in bob-group
>
> Assume two directories, like:
>
> drwxr-x--- 2 alice alice-group 4096 Sep 24 07:43 alice-dir
> drwxr-x--- 2 bob bob-group 4096 Sep 24 07:43 bob-dir
>
> Remember, both users and groups only exist in ldap, not in /etc/passwd
> or /etc/group.
>
> When alice logs in on the linux box, everything works as it should,
> that means, alice can cd into alice-dir as well as into bob-dir. bob can
> only cd into bob-dir.
>
> When alice tries to access these files over a smb share (the same user,
> the same files!), she can only cd into alice-dir, not into bob-dir -
> That means, groups and users are well recognized by samba (and, of
> course, by the system itself) but the group-membership mapping only
> works in the shell, not with samba.
>
> Can anybody give me a hint what this problem is about? Or how I can fix
> it? Or at least, who I can ask? Is this a bug or did I forget
> something?
>
> Thank you all in advance,
> kind regards,
> Philip Poten