On 12-03-03 5:56 AM, "Christian Horn" <[email protected]> wrote:
> Hi, > > On Wed, Feb 29, 2012 at 11:24:25AM -0500, Kelvin Edmison wrote: >> >> I am running into an issue where users cannot access a samba volume if >> their only access is via a secondary group. For example, if testuser's >> primary group is ipausers, and secondary groups include testgroup, and the >> samba mount permissions are adminuser:testgroup:rwxrwx---, then testuser >> cannot read or write to the samba mount. If the testuser is change so that >> its primary group is testgroup, then testuser can access the volume. >> >> In this case, samba is running on a separate CentOS 5 server, configured to >> access IPA via LDAP. It is a requirement that I support >> userid/password-based access to the samba server, as I cannot roll all my >> users onto kerberos right away. >> >> Doe anyone have any insight as to what is going on and how it can be fixed? > > I did see something similiar recently, the ldapsam backend in samba was > used. > You might want to try out 'ldapsam:trusted = no' in smb.conf . That was it exactly. Many thanks for the pointer! Kelvin _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
