Bug 5687 - user account hides group account with same name for valid users
user account hides group account with same name for valid users
Status: RESOLVED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
3.0.28a
x64 Linux
: P3 normal
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-08-12 16:31 UTC by seths.box
Modified: 2008-08-13 13:46 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description seths.box 2008-08-12 16:31:00 UTC
I have an unix user 'Admin' and an unix group 'Admin' here. The group contains several other users. And there is a share with:

valid users = @Admin

I can't connect to this share, as long as this line is in. 
After a few hours I found out that the user 'Admin' is responsible for this, the logfile prints this:

[2008/08/12 17:57:24, 5] smbd/share_access.c:token_contains_name(125)
  Admin is a User, expected a group
[2008/08/12 17:57:24, 2] smbd/service.c:make_connection_snum(616)
  user 'markus' (from session setup) not permitted to access this share (all)

Now this problem kind of sounds like what I found at #609, but I still think this should be considered a bug. 'valid users' is expecting a group after the '@' and there actually _is_ a group with that name. Still it doesn't print any warning on low logging levels and just silently blocks the whole share. Furthermore the user 'markus' is member of the group 'Admin' and therefore actually has the correct permission for the accessing the share.

After renaming the unix user account Admin, everything worked as expected.
Comment 1 Jeremy Allison 2008-08-12 18:57:28 UTC
Can you try and reproduce this on Samba 3.2.1 please (current latest release). There have been many changes which may fix this and I don't want to track down an already fixed bug.
Thanks,
Jeremy.
Comment 2 seths.box 2008-08-13 13:46:07 UTC
Ok, I compiled 3.2.1 from source an installed it on a testing box, and it worked. A user having the same name as a group didn't prevent the share from working correctly. 
Too bad that there are no up-to-date binary packages for that version :/
Thanks anyways