Errol Neal
2005-Dec-11 16:38 UTC
[Samba] Question - Does Samba Recognize non-Primary Group Memberships?
I thought this was true, but In troubleshooting a permissions related
issue, I see evidence that it is not.
In my previous post, I was asking for assistance in trying to figure out
why I was unable to create files/folders over the network, but could so
so locally. My Active Directory account is a member of group that have
full control of a particular folder according to getfacl. I added that
folder as a share via samba and I was unable to create any files and
folder.
[2005/12/11 11:16:43, 1] smbd/service.c:(666)
bus-eneal2 (172.16.100.5) connect to service upload initially as user
DFIINT+eneal (uid=60000, gid=60000) (pid 900)
[2005/12/11 11:16:48, 2] smbd/open.c:(1892)
open_directory: unable to create New Folder. Error was Permission
denied
[2005/12/11 11:16:48, 2] smbd/open.c:(1892)
open_directory: unable to create New Folder. Error was Permission
denied
[2005/12/11 11:16:48, 2] smbd/open.c:(1892)
open_directory: unable to create New Folder (2). Error was Permission
denied
[2005/12/11 11:16:48, 2] smbd/open.c:(1892)
open_directory: unable to create New Folder (2). Error was Permission
denied
[upload]
path = /home/developers/
#valid users = @"Domain Users"
browseable = yes
writeable = yes
acl group control = yes
#inherit acls = yes
#acl compatibility = win2k
#admin users = @"Domain Admins", "Domain Admins",
@itservices
The acls on the folder were set to allow the groups ITServices and
ISInfrastructure to rwx. I am a member of the ISInfrastructure group,
however my primary group is Domain Admins. I added Domain Admins to have
rwx using the setfacl facility and I was able to create a folder over
the network. Is there a way to get Samba to honour my secondary groups?
Thanks in advance for any replys.
Errol Neal
Adam Nielsen
2005-Dec-12 05:15 UTC
[Samba] Question - Does Samba Recognize non-Primary Group Memberships?
> Is there a way to get Samba to honour my secondary groups?I think this has something to do with the "nested groups = yes" option. I could never get the secondary groups to be displayed with "getent passwd user" however they do work with filesystem permissions. Not sure about ACLs. Cheers, Adam.
Errol Neal
2005-Dec-12 14:48 UTC
[Samba] Question - Does Samba Recognize non-Primary Group Memberships?
>> Is there a way to get Samba to honour my secondary groups?> I think this has something to do with the "nested groups = yes"option.> Cheers, > Adam.Nope. That didn't do it. Are there conflicting options in my smb.conf file? From what I read, there was a bug with secondary groups that was fixed in 3.0.3, but that was a long time ago? Anyone else have any comments? I would sure like some assistance with this.. Thanks Adam for your reply. Errol
Errol Neal
2005-Dec-12 14:50 UTC
[Samba] Question - Does Samba Recognize non-Primary Group Memberships?
> Is there a way to get Samba to honour my secondary groups?On other interesting thing about this, IF I set one of my secondary groups as an admin user on the share, I have can create folders and files! So, in that portion of code, smbd is honouring my secondary group. But without the admin users option, it does not. Any thoughts? Errol