Bug 3741 - Unix groups do no longer work with valid users
Summary: Unix groups do no longer work with valid users
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services
Version: 3.0.23
Hardware: x86 Linux
Importance: P3 major
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Depends on:
Reported: 2006-04-28 17:51 UTC by Marcel Müller
Modified: 2006-04-30 09:36 UTC (History)

config file for the test (1.52 KB, text/plain)
2006-04-29 11:36 UTC, Marcel Müller
Level 10 log (33.20 KB, text/plain)
2006-04-29 13:44 UTC, Marcel Müller
Patch checked in with r15360 (1.35 KB, patch)
2006-04-30 09:35 UTC, Volker Lendecke

Description Marcel Müller 2006-04-28 17:51:41 UTC
With smbd 3.0.23 the access to shares protected by a valid users constraint is denied if the permission is granted to a Unix group.

E.g. if I have a share with "valid users = @users" (or something similar) nobody can access this share. If I enter the user names directly, everything is fine.

The problem seems to have something to do with gid mapping.
I fixed it by this dirty patch:

Index: passdb/lookup_sid.c
--- passdb/lookup_sid.c (revision 15311)
+++ passdb/lookup_sid.c (working copy)
@@ -1070,11 +1070,12 @@
                goto done;

+       /* GID-BUG???
        if (pdb_rid_algorithm() && (gid < max_algorithmic_gid())) {
                sid_copy(psid, get_global_sam_sid());
                sid_append_rid(psid, pdb_gid_to_group_rid(gid));
                goto done;
-       } else {
+       } else */ {
                sid_copy(psid, &global_sid_Unix_Groups);
                sid_append_rid(psid, gid);
                goto done;
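
Review bot: The comment opened at `/* GID-BUG???` and closed inside `} else */ {` switches off the algorithmic branch for every gid, so all groups now get a SID under global_sid_Unix_Groups regardless of what pdb_rid_algorithm() and max_algorithmic_gid() return. That silently changes the SID returned for groups that previously mapped into the local SAM domain through pdb_gid_to_group_rid(), which can affect any caller that compares those SIDs, not only the valid users check. If the branch is wrong it should be deleted outright, together with the now-redundant braces, rather than kept as commented-out code with a split else; otherwise the condition should be narrowed to the failing case, with a comment saying why.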

However, it is unlikely that I hit the nail on the head.

I use the LANMAN2 protocol (OS/2 clients) and a Linux server. But as far as I remember I had the same problem using the NTLM protocol.

Comment 1 Volker Lendecke 2006-04-29 07:16:37 UTC
Could you please append a debug level 10 smbd log and your smb.conf file?

I thought I had made a provision to solve exactly this issue.


Comment 2 Marcel Müller 2006-04-29 11:36:38 UTC
Created attachment 1882: config file for the test

Comment 3 Marcel Müller 2006-04-29 13:44:13 UTC
Created attachment 1883: Level 10 log

Comment 4 Volker Lendecke 2006-04-30 09:35:31 UTC
Created attachment 1884: Patch checked in with r15360

Comment 5 Volker Lendecke 2006-04-30 09:36:22 UTC
The patch I just attached fixes the problem for me. Please re-open and send in new debug level 10 logs if it still fails for you.

Thanks for testing!