Jeremy,
Never having worked with winbind, I claim a certain amount of ignorance
here. I can't login as a specific user because I don't have telnet
enabled on the samba server (none of the specific kerberos stuff is
configured). Even though I have the template shell configured and getent
passwd shows everything correctly for user 'CATNET\rtanner', I can't
login via ssh. When I use smbclient I don't have access to the id
command (or I don't know how to access it). But when logged in as root,
I do "getent group | grep 'CATNET\\rtanner', I see what I expected. It
shows me in the 'CATNET\adm staff' security group but not in
'CATNET\adm'. The former is a member of the latter so, at least on
Microsoft Windows shares access granted to 'CATNET\adm' applies to
'CATNET\adm staff' as well, and that's what's not happening when
mounting SAMBA shares.
So, at this point, I'm not sure how to go about starting to debug why
winbind isn't showing my membership in the 'CATNET\adm' group as well.
I've followed the procedures in the official HOWTO, but if there's
something I missed that would cause just this particular problem, do you
know what that might be?
Thanks,
Rob
On 06/27/2006 01:16 PM, Jeremy Allison wrote:
On Tue, Jun 27, 2006 at 10:49:04AM -0700, Rob Tanner wrote:
Here's the problem, a member of 'CATNET\adm staff' cannot access a file
for which 'CATNET\adm' has r/w access (group:CATNET\134adm:rwx). But if
I add 'CATNET\adm staff' even though 'CATNET\adm staff' is a member of
'CATNET\adm', it works. I thought this might be related to the smb.conf
parameter 'winbind nested groups', which I set to 'yes', but it made no
difference. Any ideas?
Yes, that's got to be nested group evaluation not working
right. Try logging on as the specific user and then
calling the 'id' command to see what groups you're in.
They're the ones that winbindd is giving you (and the
same ones smbd will be using). From that you should be
able to start debugging why winbindd isn't giving the
full group list.
Jeremy.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
