[Samba] Problems with group assignments

Fri, 20 May 2011 06:01:21 -0700 

Dear All,

        We are trying to transfer a SaMBa installation from an old server to a 
newer more up-to-date one. The original server was sharing files to Windows XP 
systems in Active Directory (Windows Server 2003 R2 version), but as we move to 
Windows 7 and Active Directory (Windows Server 2008 R2 version) we need to 
upgrade the service.

        The old server was part of a NIS domain, with the "valid users", "write 
list", etc entries in its smb.conf referring to the NIS groups using the "@" 
sign (which the documentation says it means "is interpreted as an NIS netgroup 
first (if your system supports NIS), and then as a UNIX group if the name was 
not found in the NIS netgroup database"; see 
http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#INVALIDUSERS). It 
all worked fine as it picked users' group membership from NIS.

        The new server is a Solaris 10 box running SaMBa 3.5.5, and we are 
having problems with it picking up the group memberships. The old server's 
smb.conf was transplanted to the new server (with a few path changes), and the 
new server was successfully added to our Active Directory domain. As the new 
server is NOT a member of NIS, we made a copy of all the smb.conf-relevant 
groups to its local /etc/group and added all the users to the /etc/passwd file. 
With these changes we can access the shares using the AD usernames and 
passwords as long as they are not access-limited by "valid users", so the 
integration of the server into AD is working. But if we add a "valid users = 
@group" line to the share in smb.conf, it will completely refuse access to all 
users, even the ones belonging to the group. Leaving the share accessible to 
all, but adding a "write list = @group" line to smb.conf, will allow access, 
but no one will be able to write to it, even the members of the group. If we 
chan
 ge the "write list" and "valid users" lines to list the usernames directly 
instead of through a group membership, it works. To avoid even attempting to 
talk to NIS, we changed the "@" signs for "+", but it still kept refusing to 
recognize group memberships (NIS or local UNIX ones). So it seems our new SaMBa 
is having problems recognizing group memberships.

        What am I doing wrong? Have SUN/Oracle done something to stop SaMBa 
accessing its local UNIX groups?

        Thank you for your help.

        Yours,

                David del Campo

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Reply via email to