Graeme Humphries
2005-Jun-07 17:45 UTC
[Samba] "id" and "id username" don't match up when using Winbind groups
Hi, I've got a file server running Ubuntu / hoary, with Samba/Winbind version 3.0.14a. We moved to this new(er) version because we recently upgraded to Windows Server 2003 SP1, and so anything older than this was horribly broken. Unfortunately, our group problems don't appear to be completely gone. I've got the PAM and NSS winbind stuff setup so that domain users appear to be local users, but group membership seems to be still weirdly broken: "getent group network-group-name" shows that certain users are in a group. "id username" shows that the user belongs to that group. But if I "su - username && id", the group is mysteriously missing. As a result, certain users cannot get into certain directories whose access is controlled via group, whether it's on the commandline, through a Samba share, or whatever else. It's not all network groups that are affected, just a few ones at random. However, it is consistent in that if a user is having problems with a certain group, you can add and remove them from that group any number of times, and they will always have problems with that group. Any suggestions on how to fix / debug / workaround this problem would be *greatly* appreciated. Graeme Humphries
Gerald (Jerry) Carter
2005-Jun-10 13:00 UTC
[Samba] "id" and "id username" don't match up when using Winbind groups
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Graeme Humphries wrote: | "getent group network-group-name" shows that certain | users are in a group. "id username" shows that the | user belongs to that group. But if I "su - username && id", | the group is mysteriously missing. As a result, | certain users cannot get into certain directories | whose access is controlled via group, whether it's | on the commandline, through a Samba share, or whatever else. | | It's not all network groups that are affected, just a few | ones at random. However, it is consistent in that if | a user is having problems with a certain group, you | can add and remove them from that group any number of | times, and they will always have problems with that group. | | Any suggestions on how to fix / debug / workaround | this problem would be *greatly* appreciated. Graeme, Look for differences in the success and failure cases from a level 10 winbindd log. cheers, jerry ====================================================================Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCqY7DIR7qMdg1EfYRAtYCAKClFnYoI32qCebFLPV8Uf3+mvzY0wCgh8xq GwkvjeMswurUaXLZmtqhUbA=4/df -----END PGP SIGNATURE-----