samba - Feb 2006 - Confused about groups and access

Hello,
 
My nt admin made a group for my samba server called
Share_Dfsroot_pvcs-cdw_C and added me as a member.  I made a nested
group on my side with
 
net rpc group add ntcdw -L -Uxxxxx
 
I then added the Share_Dfsroot... with
 
net rpc group addmem ntcdw "DOMAIN+Share_Dfsroot..." -Uxxxxx
 
net rpc group members ntcdw -Uxxxx shows:
 
DOMAIN\Share_Dfsroot... so all looks good.
 
 
I then created on unix side a group called ntcdw and then tried to
associate ntcdw (ntgroup) with ntcdw (unix group) with:
 
net groupmap modify ntgroup=ntcdw unixgroup=ntcdw
 
I then set my share directory to be owned by the unix group ntcdw and
set permissions to 770 on the directory.  
 
When I try to cd into the directory with my workstation login, it says
Permission Denied.
 
What am I doing wrong?
 
David
 
 
 
David Shapiro
Unix Team Lead
919-765-2011

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Shapiro wrote:
> My nt admin made a group for my samba server called
> Share_Dfsroot_pvcs-cdw_C and added me as a member.  I made a nested
> group on my side with
>  
> net rpc group add ntcdw -L -Uxxxxx
>  
> I then added the Share_Dfsroot... with
>  
> net rpc group addmem ntcdw "DOMAIN+Share_Dfsroot..." -Uxxxxx
>  
> net rpc group members ntcdw -Uxxxx shows:
>  
> DOMAIN\Share_Dfsroot... so all looks good.
>  
> I then created on unix side a group called ntcdw and 
> then tried to associate ntcdw (ntgroup) with ntcdw
> (unix group) with:
>  
> net groupmap modify ntgroup=ntcdw unixgroup=ntcdw
>  
> I then set my share directory to be owned by the 
> unix group ntcdw and set permissions to 770 on
> the directory.
>  
> When I try to cd into the directory with my workstation 
> login, it says Permission Denied.
David,

Couple of things to check:

* You have 'winbind nested groups = yes' (I know this is
  obvious).
* Does 'id username' show the correct listing of groups?
* Does `getent group ntcdw` return the group info?
* Does `getent group $gid_ntcdw` return the group info?
  ($gid_ntcdw is the numeric gid of ntcdw).




cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD/xx8IR7qMdg1EfYRAvB+AKCeDLX/izARPlVHgbAXU7XT9/5bFACeMVw4
uAhx5X4VHclq2gTz0mI8AjQ=hvBN
-----END PGP SIGNATURE-----

Unfortunately, aix does not have getent command.
 
You have 'winbind nested groups = yes' (I know this is
  obvious).    YES
 

* Does 'id username' show the correct listing of groups?
only after I log into the box as the user and then do an su to that
user as an extra step do I see all the groups.  before that, all I see
is domain users.

* Does `getent group ntcdw` return the group info?
* Does `getent group $gid_ntcdw` return the group info?
  ($gid_ntcdw is the numeric gid of ntcdw).
 
David Shapiro
Unix Team Lead
919-765-2011
>>> "Gerald (Jerry) Carter" <jerry@samba.org> 2/24/2006
9:47 AM >>>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Shapiro wrote:
> My nt admin made a group for my samba server called
> Share_Dfsroot_pvcs-cdw_C and added me as a member.  I made a nested
> group on my side with
>  
> net rpc group add ntcdw -L -Uxxxxx
>  
> I then added the Share_Dfsroot... with
>  
> net rpc group addmem ntcdw "DOMAIN+Share_Dfsroot..." -Uxxxxx
>  
> net rpc group members ntcdw -Uxxxx shows:
>  
> DOMAIN\Share_Dfsroot... so all looks good.
>  
> I then created on unix side a group called ntcdw and 
> then tried to associate ntcdw (ntgroup) with ntcdw
> (unix group) with:
>  
> net groupmap modify ntgroup=ntcdw unixgroup=ntcdw
>  
> I then set my share directory to be owned by the 
> unix group ntcdw and set permissions to 770 on
> the directory.
>  
> When I try to cd into the directory with my workstation 
> login, it says Permission Denied.
David,

Couple of things to check:

* You have 'winbind nested groups = yes' (I know this is
  obvious).
* Does 'id username' show the correct listing of groups?
* Does `getent group ntcdw` return the group info?
* Does `getent group $gid_ntcdw` return the group info?
  ($gid_ntcdw is the numeric gid of ntcdw).




cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD/xx8IR7qMdg1EfYRAvB+AKCeDLX/izARPlVHgbAXU7XT9/5bFACeMVw4
uAhx5X4VHclq2gTz0mI8AjQ=hvBN
-----END PGP SIGNATURE-----
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba