Krigler Pavol
2010-Jul-03 16:14 UTC
[Samba] Samba 3.0.33 ignoring group ACL after joining to AD
Hello,

I have installed CentOS 4.8 with samba 3.0.33. After joining to AD, group permissions do not work. After the "net groupmap add..." command nothing changed:

# getfacl TESTDIR/
# file: TESTDIR
# owner: root
# group: testgroup
user::rwx
group::rwx
other::---

user1 is in group "testgroup"

net groupmap list
testgroup (S-1-5-21-2207241064-1835560224-3992551478-2193) -> testgroup

I am not able to read from directory TESTDIR although user1 is a member of "testgroup".

Here is my smb.conf:

[global]
workgroup = ad
server string = Intranet
netbios name = IS
follow symlinks=yes
dos filemode = yes
acl group control = yes
inherit permissions = no
nt acl support = yes
map acl inherit = yes
realm = AD.COMPANY.COM
server signing = auto
log file = /var/log/samba/%m.log
max log size = 50
security = ads
password server = 10.1.1.1
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
domain master = no
preferred master = no
dns proxy = no
template shell = /bin/false
winbind use default domain = yes
idmap backend = ad
idmap uid = 100-20000000
idmap gid = 100-20000000
winbind nss info = rfc2307

[share]
comment = Some share
path = /var/opt/share/
public = yes
writable = yes
create mask = 0664
directory mask = 0775
browseable = yes

Below are log level 10 debug messages:

=====================================
[2010/07/03 16:59:50, 3] smbd/process.c:switch_message(932)
  switch message SMBtrans2 (pid 4097) conn 0x8b67a28
[2010/07/03 16:59:50, 4] smbd/uid.c:change_to_user(183)
  change_to_user: Skipping user change - already user
[2010/07/03 16:59:50, 3] smbd/trans2.c:call_trans2findfirst(1704)
  call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 2 requires_resume_key = 4 level 0x104, max_data_bytes = 16384
[2010/07/03 16:59:50, 5] smbd/filename.c:unix_convert(147)
  unix_convert called on file "ip/dokumentacia/server/TESTDIR/*"
[2010/07/03 16:59:50, 10] smbd/statcache.c:stat_cache_lookup(215)
  stat_cache_lookup: lookup failed for name [IP/DOKUMENTACIA/SERVER/TESTDIR/*]
[2010/07/03 16:59:50, 10] smbd/statcache.c:stat_cache_lookup(248)
  stat_cache_lookup: lookup succeeded for name [IP/DOKUMENTACIA/SERVER/TESTDIR] -> [ip/dokumentacia/server/TESTDIR]
[2010/07/03 16:59:50, 5] smbd/filename.c:unix_convert(246)
  unix_convert begin: name = ip/dokumentacia/server/TESTDIR/*, dirpath ip/dokumentacia/server/TESTDIR, start = *
[2010/07/03 16:59:50, 10] smbd/mangle_hash2.c:is_mangled(276)
  is_mangled * ?
[2010/07/03 16:59:50, 10] smbd/mangle_hash2.c:is_mangled_component(215)
  is_mangled_component * (len 1) ?
[2010/07/03 16:59:50, 5] smbd/trans2.c:call_trans2findfirst(1769)
  dir=ip/dokumentacia/server/TESTDIR, mask = *
[2010/07/03 16:59:50, 5] smbd/dir.c:dptr_create(392)
  dptr_create dir=ip/dokumentacia/server/TESTDIR
[2010/07/03 16:59:50, 5] smbd/dir.c:OpenDir(1079)
  OpenDir: Can't open ip/dokumentacia/server/TESTDIR. Permission denied
[2010/07/03 16:59:50, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/trans2.c(1833) cmd=50 (SMBtrans2) NT_STATUS_ACCESS_DENIED
[2010/07/03 16:59:50, 5] lib/util.c:show_msg(506)
[2010/07/03 16:59:50, 5] lib/util.c:show_msg(516)
  size=35
  smb_com=0x32
  smb_rcls=34
  smb_reh=0
  smb_err=49152
  smb_flg=136
  smb_flg2=51265
  smb_tid=2
  smb_pid=1744
  smb_uid=103
  smb_mid=10304
  smt_wct=0
  smb_bcc=0

Any help would be appreciated,
Krigler Pavol