[Pkg-samba-maint] Bug#832318: samba: valid users = +group can't work with open LDAP

Tomoo Nomura nomura at tmo.co.jp
Sun Jul 24 07:25:32 UTC 2016 

Package: samba
Version: 2:4.1.17+dfsg-2
Severity: normal

Dear Maintainer,

Access control, valid user = +group, can't work when using with open LDAP, while it works fine with /etc/group.
For examples, user=nomura is a member of group named manager and mount [testmanager] from another debian jessie machine. It shows "mount error(13): Permission denied ".
smb.conf:
[testmanager]
   comment = Testmanager
   path = /public/storage/testmanager
   directory mask = 0770
   force create mode = 0770
   create mask = 0770
   browseable = no
   writable = yes
   valid users = +manager
   nt acl support = no

testmachine at root:~# smbldap-groupshow manager
dn: cn=manager,ou=Groups,dc=examples,dc=com
objectClass: posixGroup,sambaGroupMapping
sambaSID: S-1-5-21-1701303421-278908xx-1134356543xxx
cn: manager
gidNumber: 3000
sambaGroupType: 2
displayName: manager
memberUid: nomura,aaaaaa,bbbbbb,cccccc,dddd,eeeeeee

I checked the same case with /etc/passwd and /etc/group on another jessie server, and found it works fine.

In addtion, replacing "valid users = +manager" by "valid users = nomura" avoids the problem, works fine.
 

-- System Information:
Debian Release: 8.2
  APT prefers stable
  APT policy: (101, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to ja_JP.UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages samba depends on:
ii  adduser                              3.113+nmu3
ii  dpkg                                 1.17.25
ii  libasn1-8-heimdal                    1.6~rc2+dfsg-9
ii  libbsd0                              0.7.0-2
ii  libc6                                2.19-18+deb8u1
ii  libcomerr2                           1.42.12-1.1
ii  libhdb9-heimdal [heimdal-hdb-api-8]  1.6~rc2+dfsg-9
ii  libkdc2-heimdal                      1.6~rc2+dfsg-9
ii  libkrb5-26-heimdal                   1.6~rc2+dfsg-9
ii  libldb1                              2:1.1.17-2
ii  libpam-modules                       1.1.8-3.1
ii  libpam-runtime                       1.1.8-3.1
ii  libpopt0                             1.16-10
ii  libpython2.7                         2.7.9-2
ii  libroken18-heimdal                   1.6~rc2+dfsg-9
ii  libtalloc2                           2.1.1-2
ii  libtdb1                              1.3.1-1
ii  libtevent0                           0.9.21-1
ii  lsb-base                             4.1+Debian13+nmu1
ii  multiarch-support                    2.19-18+deb8u1
ii  procps                               2:3.3.9-9
ii  python                               2.7.9-1
ii  python-dnspython                     1.12.0-1
ii  python-ntdb                          1.0-5
ii  python-samba                         2:4.1.17+dfsg-2
pn  python2.7:any                        <none>
ii  samba-common                         2:4.1.17+dfsg-2
ii  samba-common-bin                     2:4.1.17+dfsg-2
ii  samba-dsdb-modules                   2:4.1.17+dfsg-2
ii  samba-libs                           2:4.1.17+dfsg-2
ii  tdb-tools                            1.3.1-1
ii  update-inetd                         4.43

Versions of packages samba recommends:
ii  attr               1:2.4.47-2
ii  logrotate          3.8.7-1+b1
ii  samba-vfs-modules  2:4.1.17+dfsg-2

Versions of packages samba suggests:
ii  bind9          1:9.9.5.dfsg-9+deb8u3
ii  bind9utils     1:9.9.5.dfsg-9+deb8u3
pn  ctdb           <none>
pn  ldb-tools      <none>
pn  ntp            <none>
ii  smbldap-tools  0.9.9-1
ii  winbind        2:4.1.17+dfsg-2

-- debconf information:
  samba/run_mode: daemons
  samba-common/title:
  samba/tdbsam: false
  samba/generate_smbpasswd: true

More information about the Pkg-samba-maint mailing list