Will Saxon
2004-Mar-25 15:03 UTC
[Samba] Changing 'winbind use default domain' to yes breaks group share permissions
In order to support another project which I wanted to use winbind authentication for, I had to turn 'winbind use default domain' on. This seems to have disabled my ability to set group permissions on a share. My windbind separator is '-'. Before, I would give a group access to a share by putting '@DOMAIN-Group Name' in the list of valid users for the share. After setting use default domain this quit working, so I changed to '@Group Name'. This also does not work. Users in the group who attempt to connect to the share throw the following error in log.smbd: user 'username' (from session setup) not permitted to access this share (Sharename). If I add each user belonging to a group to the valid users list, they are able to access the share but none of the files (the ACL's reflect permissions for the group). What am I doing wrong? -Will PS The reason I am using 'winbind use default domain' is that I am trying to support domain-account-authenticated access to cvs via ssh. Using 'DOMAIN-username' in the CVSROOT does not seem to work, although the users can access ssh manually just fine. _____________________________________________ Will Saxon Systems Programmer - Network Services Department of Housing and Residence Education University of Florida Email: wills@housing.ufl.edu Phone: (352) 392-2171 x10148
Gerald (Jerry) Carter
2004-Mar-25 15:49 UTC
[Samba] Changing 'winbind use default domain' to yes breaks group share permissions
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Will Saxon wrote: | In order to support another project which I wanted | to use winbind authentication for, I had to turn | 'winbind use default domain' on. This seems to have | disabled my ability to set group permissions on a share. | | My windbind separator is '-'. | | Before, I would give a group access to a share by putting | '@DOMAIN-Group Name' in the list of valid users for the | share. After setting use default domain this quit working, | so I changed to '@Group Name'. This also does not work. | Users in the group who attempt to connect to the | share throw the following error in log.smbd: | | user 'username' (from session setup) not permitted to | access this share (Sharename). | | If I add each user belonging to a group to the valid users | list, they are able to access the share but none of the | files (the ACL's reflect permissions for the group). | | What am I doing wrong? It's not you -- it's me :-) See https://bugzilla.samba.org/show_bug.cgi?id=1165 Should be fixed in 3.0.3pre1 - -- cheers, jerry - ---------------------------------------------------------------------- Hewlett-Packard ------------------------- http://www.hp.com SAMBA Team ---------------------- http://www.samba.org GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc "If we're adding to the noise, turn off this song" --Switchfoot (2003) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAYv+FIR7qMdg1EfYRAiY8AJ9kF0NO0dwYXfFaH+9mCkVD9K9sfgCg4G+j IC/r+6F2Axp8xxs+Z2Ge0jQ=PQu9 -----END PGP SIGNATURE-----