Giorgio Volpe wrote:
> I have a file server with two shares accessible to 2 different groups.
After the last update ( from debian 2:3.2.5-4 to 2:3.3.2-1 ) i cannot
any more access ONLY ONE of the two shares and I can't understand the
reason!
> Can anyone hel me? I'm getting mad!
Please do not get mad - it is counter-productive!
Have you mapped your UNIX groups to Windows groups? This can be achieved
by executing (for each group):
net groupmap add unixgroup='group_name' ntgroup='windows_group_name' type=d
Also, anywhere that 'valid groups' is specified, follow the convention of
fully specifying the context of group security object like this:
valid users = @"DOMAIN_NAME\group_name"
- John T.
> Thanks
> Giorgio
>
>
> from smb.conf:
>
> [documenti_movi]
> path = /home/documenti_movi
> valid users = @staffmovi
> read only = No
> create mask = 0770
> directory mask = 0770
> case sensitive = No
>
> [documenti_csv]
> path = /home/csv/documenti
> valid users = @csv
> read only = No
> create mask = 0770
> directory mask = 0770
> case sensitive = No
>
> From /etc/group
>
>
> staffmovi:x:113:giorgio,boris,alberto,annamaria,simona.celotti,martina,franco,giovanna
>
> csv:x:1005:giorgio,franco,simona.celotti
>
>
> Executing 'id giorgio':
>
> uid=1000(giorgio) gid=1000(giorgio)
>
> gruppi=24(cdrom),25(floppy),29(audio),44(video),46(plugdev),113(staffmovi),1005(csv),1000(giorgio)
>
>
>
> From samba log: trying access to 'documenti_movi' copared with access to
'documenti_csv' as user giorgio (from an xp client)
>
> [2009/04/20 11:06:59, 3] smbd/process.c:switch_message(1378)
> switch message SMBtconX (pid 27040) conn 0x0
> [2009/04/20 11:06:59, 3] smbd/sec_ctx.c:set_sec_ctx(324)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2009/04/20 11:06:59, 5] auth/token_util.c:debug_nt_user_token(522)
> NT user token: (NULL)
> [2009/04/20 11:06:59, 5] auth/token_util.c:debug_unix_user_token(548)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
> [2009/04/20 11:06:59, 5] smbd/uid.c:change_to_root_user(318)
> change_to_root_user: now uid=(0,0) gid=(0,0)
> [2009/04/20 11:06:59, 4] smbd/reply.c:reply_tcon_and_X(715)
> Client requested device type [?????] for share [DOCUMENTI_MOVI]
> [2009/04/20 11:06:59, 5] smbd/service.c:make_connection(1298)
> making a connection to 'normal' service documenti_movi
> [2009/04/20 11:06:59, 3] lib/util_sid.c:string_to_sid(228)
> string_to_sid: Sid @staffmovi does not start with 'S-'.
> [2009/04/20 11:06:59, 5] smbd/password.c:user_in_netgroup(425)
> Unable to get default yp domain, let's try without specifying it
> [2009/04/20 11:06:59, 5] smbd/password.c:user_in_netgroup(429)
> looking for user giorgio of domain (ANY) in netgroup staffmovi
> [2009/04/20 11:06:59, 5] smbd/password.c:user_in_netgroup(445)
> looking for user giorgio of domain (ANY) in netgroup staffmovi
> [2009/04/20 11:06:59, 10] passdb/lookup_sid.c:lookup_name(69)
> lookup_name: MOVI\staffmovi => MOVI (domain), staffmovi (name)
> [2009/04/20 11:06:59, 10] passdb/lookup_sid.c:lookup_name(70)
> lookup_name: flags = 0x077
> [2009/04/20 11:06:59, 3] smbd/sec_ctx.c:push_sec_ctx(224)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2009/04/20 11:06:59, 3] smbd/uid.c:push_conn_ctx(388)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2009/04/20 11:06:59, 3] smbd/sec_ctx.c:set_sec_ctx(324)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2009/04/20 11:06:59, 5] auth/token_util.c:debug_nt_user_token(522)
> NT user token: (NULL)
> [2009/04/20 11:06:59, 5] auth/token_util.c:debug_unix_user_token(548)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
> [2009/04/20 11:06:59, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2009/04/20 11:06:59, 10] passdb/lookup_sid.c:lookup_name(69)
> lookup_name: Unix Group\staffmovi => Unix Group (domain), staffmovi
(name)
> [2009/04/20 11:06:59, 10] passdb/lookup_sid.c:lookup_name(70)
> lookup_name: flags = 0x077
> [2009/04/20 11:06:59, 10] smbd/share_access.c:user_ok_token(212)
> User giorgio not in 'valid users'
> [2009/04/20 11:06:59, 2]
smbd/service.c:create_connection_server_info(659)
> user 'giorgio' (from session setup) not permitted to access this share
> (documenti_movi)
>
> [2009/04/20 11:13:15, 3] smbd/process.c:switch_message(1378)
> switch message SMBtconX (pid 27200) conn 0x0
> [2009/04/20 11:13:15, 3] smbd/sec_ctx.c:set_sec_ctx(324)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2009/04/20 11:13:15, 5] auth/token_util.c:debug_nt_user_token(522)
> NT user token: (NULL)
> [2009/04/20 11:13:15, 5] auth/token_util.c:debug_unix_user_token(548)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
> [2009/04/20 11:13:15, 5] smbd/uid.c:change_to_root_user(318)
> change_to_root_user: now uid=(0,0) gid=(0,0)
> [2009/04/20 11:13:15, 4] smbd/reply.c:reply_tcon_and_X(715)
> Client requested device type [?????] for share [DOCUMENTI_CSV]
> [2009/04/20 11:13:15, 5] smbd/service.c:make_connection(1298)
> making a connection to 'normal' service documenti_csv
> [2009/04/20 11:13:15, 3] lib/util_sid.c:string_to_sid(228)
> string_to_sid: Sid @csv does not start with 'S-'.
> [2009/04/20 11:13:15, 5] smbd/password.c:user_in_netgroup(425)
> Unable to get default yp domain, let's try without specifying it
> [2009/04/20 11:13:15, 5] smbd/password.c:user_in_netgroup(429)
> looking for user giorgio of domain (ANY) in netgroup csv
> [2009/04/20 11:13:15, 5] smbd/password.c:user_in_netgroup(445)
> looking for user giorgio of domain (ANY) in netgroup csv
> [2009/04/20 11:13:15, 10] passdb/lookup_sid.c:lookup_name(69)
> lookup_name: MOVI\csv => MOVI (domain), csv (name)
> [2009/04/20 11:13:15, 10] passdb/lookup_sid.c:lookup_name(70)
> lookup_name: flags = 0x077
> [2009/04/20 11:13:15, 3] smbd/sec_ctx.c:push_sec_ctx(224)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2009/04/20 11:13:15, 3] smbd/uid.c:push_conn_ctx(388)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2009/04/20 11:13:15, 3] smbd/sec_ctx.c:set_sec_ctx(324)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2009/04/20 11:13:15, 5] auth/token_util.c:debug_nt_user_token(522)
> NT user token: (NULL)
> [2009/04/20 11:13:15, 5] auth/token_util.c:debug_unix_user_token(548)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
> [2009/04/20 11:13:15, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2009/04/20 11:13:15, 10] passdb/lookup_sid.c:lookup_name(69)
> lookup_name: Unix Group\csv => Unix Group (domain), csv (name)
> [2009/04/20 11:13:15, 10] passdb/lookup_sid.c:lookup_name(70)
> lookup_name: flags = 0x077
> [2009/04/20 11:13:15, 10] smbd/share_access.c:user_ok_token(234)
> user_ok_token: share documenti_csv is ok for unix user giorgio
>
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
