For being honest, in my previous tests this user's (user test1) new files was created with NIS\audio group as extected; but other user's files (user amistest) was created with "NIS\domain users" group (in the same "audio" directory). This lasted a few days. It looked like drwxr-sr-x 2 NIS\amistest NIS\audio 4096 Jul 24 08:17 amistestdir drwxrwsr-x+ 2 NIS\amistest NIS\domain users 4096 Jul 24 11:48 amistestdir2 -> why NOT NIS\audio group? -rw-r--r-- 1 NIS\amistest NIS\audio 0 Jul 24 08:17 amistestfile -rwxrwxr-x+ 1 NIS\amistest NIS\domain users 7 Jul 24 11:49 amistestfile2 -> why NOT NIS\audio group? drwxr-sr-x 2 NIS\test1 NIS\audio 4096 Jul 24 08:15 test1dir -rw-r--r-- 1 NIS\test1 NIS\audio 0 Jul 24 08:16 test1file But during writing my initial post about this topic, files of both these users started to have "NIS\domain users" group. I am not aware of change which could be the reason. Michal 2018-07-24 15:12 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:> On Tue, 24 Jul 2018 14:38:31 +0200 > Michal via samba <samba at lists.samba.org> wrote: > > > Samba DM config below. > > Directories with setgid: > > > > $ll /home4/group > > total 32 > > drwxrws--- 7 NIS\nisadmin NIS\audio 4096 Jul 24 14:14 audio > > drwxrwx--- 2 NIS\nisadmin NIS\dok-sprava 4096 Jul 21 09:23 dok-sprava > > drwxrwx--- 2 NIS\nisadmin NIS\poj 4096 Jul 23 08:38 poj > > drwxrwx--- 2 NIS\nisadmin NIS\projekty 4096 Jul 23 09:14 projekty > > > > When user creates file/dir directly on linux, the files has correct > > group: > > > > $ mkdir /home4/group/audio/test1dir > > $ touch /home4/group/audio/test1file > > $ ll /home4/group/audio > > total 4 > > drwxr-sr-x 2 NIS\test1 NIS\audio 4096 Jul 24 08:15 test1dir > > -rw-r--r-- 1 NIS\test1 NIS\audio 0 Jul 24 08:16 test1file > > > > But when the same user creates files when logged into windows: > > > > windows: > > T:\audio>mkdir test1dir2 > > T:\audio>echo test > test1file2 > > > > linux: > > > > $ll /home4/group/audio > > total 40 > > drwxr-sr-x 2 NIS\test1 NIS\audio 4096 Jul 24 08:15 test1dir > > drwxrwsr-x+ 2 NIS\test1 NIS\domain users 4096 Jul 24 12:35 > > test1dir2 -rw-r--r-- 1 NIS\test1 NIS\audio 0 Jul 24 > > 08:16 test1file -rwxrwxr-x+ 1 NIS\test1 NIS\domain users 7 Jul > > 24 12:35 test1file2 > > > > there is "NIS\\domain users" group instead of expected and needed > > "NIS\\audio" group. > > This is to be expected with your smb.conf > > > > > Where can be the problem? > > > > Thanks, Michal > > > > smb.conf on samba4 DM: > > [global] > > security = ADS > > workgroup = NIS > > realm = uhn.nemuh.cz > > winbind offline logon = yes > > winbind enum users = yes > > winbind enum groups = yes > > .. > > log file = /var/log/samba/%m.log > > log level = 1 > > > > idmap config * : backend = tdb > > idmap config * : range = 10000-19999 > > idmap config ad > > > > # idmap config for the NIS domain > > idmap config NIS:backend = ad > > idmap config NIS:schema_mode = rfc2307 > > idmap config NIS:range = 100-9999 > > idmap config NIS:unix_nss_info = yes > > try adding: > > idmap config NIS:unix_primary_group = yes > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On Tue, 24 Jul 2018 15:57:46 +0200 Michal <Michal67M at seznam.cz> wrote:> For being honest, in my previous tests this user's (user test1) new > files was created with NIS\audio group as extected; but other user's > files (user amistest) was created with "NIS\domain users" group (in > the same "audio" directory). This lasted a few days. > > It looked like > drwxr-sr-x 2 NIS\amistest NIS\audio 4096 Jul 24 08:17 > amistestdir drwxrwsr-x+ 2 NIS\amistest NIS\domain users 4096 Jul 24 > 11:48 amistestdir2 -> why NOT NIS\audio group? > -rw-r--r-- 1 NIS\amistest NIS\audio 0 Jul 24 08:17 > amistestfile -rwxrwxr-x+ 1 NIS\amistest NIS\domain users 7 Jul 24 > 11:49 amistestfile2 -> why NOT NIS\audio group? > drwxr-sr-x 2 NIS\test1 NIS\audio 4096 Jul 24 08:15 test1dir > -rw-r--r-- 1 NIS\test1 NIS\audio 0 Jul 24 08:16 > test1file > > But during writing my initial post about this topic, files of both > these users started to have "NIS\domain users" group. I am not aware > of change which could be the reason. >Do the users have a gidNumber attribute containing the gidNumber of the required group and if so, is the gidNumber inside the range set in smb.conf and is the version of Samba >= 4.6.0 Rowland
2018-07-24 16:53 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:> On Tue, 24 Jul 2018 15:57:46 +0200 > Michal <Michal67M at seznam.cz> wrote: > > > For being honest, in my previous tests this user's (user test1) new > > files was created with NIS\audio group as extected; but other user's > > files (user amistest) was created with "NIS\domain users" group (in > > the same "audio" directory). This lasted a few days. > > > > It looked like > > drwxr-sr-x 2 NIS\amistest NIS\audio 4096 Jul 24 08:17 > > amistestdir drwxrwsr-x+ 2 NIS\amistest NIS\domain users 4096 Jul 24 > > 11:48 amistestdir2 -> why NOT NIS\audio group? > > -rw-r--r-- 1 NIS\amistest NIS\audio 0 Jul 24 08:17 > > amistestfile -rwxrwxr-x+ 1 NIS\amistest NIS\domain users 7 Jul 24 > > 11:49 amistestfile2 -> why NOT NIS\audio group? > > drwxr-sr-x 2 NIS\test1 NIS\audio 4096 Jul 24 08:15 test1dir > > -rw-r--r-- 1 NIS\test1 NIS\audio 0 Jul 24 08:16 > > test1file > > > > But during writing my initial post about this topic, files of both > > these users started to have "NIS\domain users" group. I am not aware > > of change which could be the reason. > > > > Do the users have a gidNumber attribute containing the gidNumber of the > required group and if so, is the gidNumber inside the range set in > smb.conf and is the version of Samba >= 4.6.0 >su - amistest Last login: Tue Jul 24 22:37:47 CEST 2018 on pts/4 $ id uid=6603(NIS\amistest) gid=20(games) groups=20(games),513(NIS\domain users),2108(NIS\evis),2109(NIS\slp),2126(NIS\poj),2157(NIS\audio),2164(NIS\doprava),2181(NIS\tomocon),2186(NIS\pacs_diagnostik),10001(BUILTIN\users) -bash-4.2$ logout [root at samba4 audio]# su - test1 Last login: Tue Jul 24 11:52:35 CEST 2018 on pts/4 $ id uid=2075(NIS\test1) gid=20(games) groups=20(games),513(NIS\domain users),2157(NIS\audio),2186(NIS\pacs_diagnostik),10001(BUILTIN\users) # smbd -V Version 4.8.3 Michal> > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >