Adam Nielsen
2006-Jan-17 02:51 UTC
[Samba] Can anyone get winbind to update group membership?
Hi all, Does this work for anyone out there? I've never gotten it to work: (the set up is Samba as a member of an Active Directory run by Windows servers.) -------------- 1. Pick an NT group that's been there since you installed Samba, and of which you are a member. I'll call it DOMAIN\Oldgroup. 2. Run "chgrp DOMAIN\\Oldgroup test" then "chmod g+w,o-w test" 3. Access the 'test' folder from Windows via Samba and observe you can create files in this folder, as you are a member of a group with write access. -------------- 4. Either make a new NT group, or pick one that you're not a member of. I'll call it DOMAIN\Newgroup. 5. Run "chgrp DOMAIN\\Newgroup test" 6. Access the 'test' folder and observe that you can't write to the folder as you don't have access to it any more (since you're no longer a member of the group that has write access.) -------------- 7. Go back and add yourself to DOMAIN\\Newgroup. 8. Run "getent group DOMAIN\\Newgroup" and observe that you're now a member of this group. 9. Access the 'test' folder again, but this time notice that you still can't write to the folder, even though you're a member of a group that *has* write access. -------------- I can't for the life of me work out why Samba won't let me write to the share once I've added myself (or anyone else for that matter) to a group that was created after Samba was first run. It doesn't matter how long you leave it, Samba will never let you access the folder. Is anyone else able to do this? Thanks, Adam.
Michael Gasch
2006-Jan-18 11:22 UTC
[Samba] Can anyone get winbind to update group membership?
hi, i tried to reproduce your error in a NT domain style with samba 3.0.14a PDC (openldap backend) incl. a samba 3.0.20b fileserver i tweaked winbind cache time to 60s and everything works as expected: - a user, who is in a group that has write perms, can write - remove user from this group -> user cannot write anymore - add user again to this group -> user can write again greez Adam Nielsen wrote:> Hi all, > > Does this work for anyone out there? I've never gotten it to work: > > (the set up is Samba as a member of an Active Directory run by Windows > servers.) > > -------------- > > 1. Pick an NT group that's been there since you installed Samba, > and of which you are a member. I'll call it DOMAIN\Oldgroup. > > 2. Run "chgrp DOMAIN\\Oldgroup test" then "chmod g+w,o-w test" > > 3. Access the 'test' folder from Windows via Samba and observe you > can create files in this folder, as you are a member of a group with > write access. > > -------------- > > 4. Either make a new NT group, or pick one that you're not a member > of. I'll call it DOMAIN\Newgroup. > > 5. Run "chgrp DOMAIN\\Newgroup test" > > 6. Access the 'test' folder and observe that you can't write to the > folder as you don't have access to it any more (since you're no longer a > member of the group that has write access.) > > -------------- > > 7. Go back and add yourself to DOMAIN\\Newgroup. > > 8. Run "getent group DOMAIN\\Newgroup" and observe that you're now a > member of this group. > > 9. Access the 'test' folder again, but this time notice that you > still can't write to the folder, even though you're a member of a group > that *has* write access. > > -------------- > > I can't for the life of me work out why Samba won't let me write to the > share once I've added myself (or anyone else for that matter) to a > group that was created after Samba was first run. It doesn't matter > how long you leave it, Samba will never let you access the folder. > > Is anyone else able to do this? > > Thanks, > Adam.-- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137