Bug 6657 - User's additional groups not showing up
Summary: User's additional groups not showing up
Status: RESOLVED INVALID
Alias: None
Product: Samba 3.2
Classification: Unclassified
Component: File services (show other bugs)
Version: 3.2.0
Hardware: x64 Linux
: P3 major
Target Milestone: ---
Assignee: Volker Lendecke
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-08-23 09:41 UTC by David S. Collier-Brown
Modified: 2010-02-07 11:17 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description David S. Collier-Brown 2009-08-23 09:41:02 UTC 
User eftmanager is in the AD group NMCS\uploadwip, 
which maps to gid 15007 on Samba, but when connecting
on SuSE, can't access files.

id says:
id=6010(eftmanager) gid=3011(eftwrite)
groups=3011(eftwrite),3004(fileadmin),3007(idgwrite),
3008(idgread)

As the group isn't getting passed through ,at
least as far as "id" is concerned, the inability
to open the files seems to be a case of missing
groups.

/etc/release says the machine is
SUSE Linux Enterprise Server 10 (x86_64)
SGI InfiniteStorage Software Platform, version 1.6, Build sgi160r2-1.6, Wed Apr  1 19:00:40 UTC 2009

RPM says: 
rpm -q -f /usr/sbin/smbd
sgi-samba-3.2.0-24.1sgi160r2

The primary rapporteur is Ron Short,
short@sgi.com
Comment 1 David S. Collier-Brown 2009-08-23 09:43:04 UTC 
A proposed workaround/confirmation: 
manually add the applicable groups to eftmanager's
list in /etc/groups
Comment 2 Volker Lendecke 2009-08-24 01:19:42 UTC 
To me this sounds like a configuration problem. Please upload your smb.conf. Are you running winbind? How do you map groups from AD to Unix?

Volker
Comment 3 Karolin Seeger 2009-08-24 03:39:19 UTC 
Correcting component and version number.
Comment 4 David S. Collier-Brown 2009-08-24 08:48:16 UTC 
I know the smb.conf, we'll need to ask Ron
the other questions...

I find I can't add him as a CC, he's
Ron Short <short@sgi.com>. Can you???


sdathengmds01:~ # more /etc/samba/smb.conf

# Global parameters
[global]
       workgroup = NMCS
       realm = NMCS.SDMENGINEERING.COM
       netbios name = ENGSMB
       name resolve order = lmhosts host wins bcast
       interfaces = 162.49.57.25/0xffffff00
       bind interfaces only = Yes
       security = ADS
       auth methods = winbind
       password server = dmcontroller2.nmcs.sdmengineering.com,
dmcontroller3.n
mcs.sdmengineering.com
       #passwd program = /usr/bin/passwd %u
       #passwd chat = *ew*password:* %n\n *e-enter*new*password:* %n\n
       max log size = 500
       max xmit = 65535
       os level = 0
       preferred master = No
       local master = No
       domain master = No
       ldap ssl = no
       idmap uid = 15000-20000
       idmap gid = 15000-20000
       comment = %h (Samba %v)
       hosts allow = 162.49.57.
       hide dot files = No
       locking = No
       share modes = No

[library]
       path = /media/library
       read only = No
       directory mask = 0775
       #force group = +dmfwrite
[cam]
       path = /media2/cam
       read only = No
       directory mask = 0775
       #force group = +dmfwrite
Comment 5 Volker Lendecke 2009-08-24 08:50:57 UTC 
Probably he needs an account in bugzilla. But we can probably do it via you.

Volker
Comment 6 Volker Lendecke 2009-11-30 16:16:36 UTC 
Any more info here?
Comment 7 Volker Lendecke 2010-02-07 11:17:22 UTC 
No feedback, closing.

Volker