[Pkg-samba-maint] Bug#535910: samba: Samba not checking /etc/group for secondary groups when determining filesystem access

Stephan Seitz stse+debian at fsing.rootsland.net
Thu Jan 28 16:11:12 UTC 2010 

Hi!

On Wed, Nov 18, 2009 at 05:04:25PM +0100, Stephan Seitz wrote:
>I have a little newer version of samba but the same symptoms. I’m using 
>winbind to map the ADS groups to Unix groups (LDAP access to the ADS).
>
>The smb process for the share is running as the user who is logged 
>in.  But contrary to a shell access (here „id” shows all groups the 
>user is a member of), the smb process doesn’t seem to know which 
>other groups beside the primary group the user belongs to.

Well, I was able to solve my problem, but since I changed more than one 
setting I don’t know exactly what solved the problem.

I noticed that „wbinfo -S <SID>” was unable to map the SID to a UID.  
„wbinfo -U <UID>” did work.

log.winbind-idmap contained lines like „ad_idmap_cached_connection: 
Failed to obtain schema details!”.

Using Aunty Google I found the following possible solutions:

- Some winbind versions did not like the mdns entries in the host line in 
   /etc/nsswitch.conf, but for me removing them did not work, so 
   I reverted my change.

- Others had to define the idmap schema with „idmap config 
   <MYDOMAIN>:schema_mode = sfu” in /etc/samba/smb.conf. Another value for 
   sfu is rfc2307. While nothing changed for me, I did not remove the line 
   again.

- The last idea was to remove the old tdb files. I deleted 
   idmap_cache.tdb and winbindd_cache.tdb. After a winbind restart the 
   files were created again and „wbinfo -S <SID>” suddenly worked again.
   And with a working wbinfo my samba group problem was solved.

Maybe this will help you too.

Shade and sweet water!

	Stephan

-- 
| Stephan Seitz             E-Mail: stse at fsing.rootsland.net |
| PGP Public Keys: http://fsing.rootsland.net/~stse/pgp.html |
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20100128/562532df/attachment.pgp>

More information about the Pkg-samba-maint mailing list