ldap woes
Hello
I just set up a LDAP server for user and group management. From the OS
level this works fine and all group permissions etc. are working just the
way they ought to.
The idea was (and still is) to use the LDAP server as a repository for each
Samba server. I set up the /etc/nsswitch.conf file on each Samba server
accordingly and when I connect from a Win$ box I can log into a samba share
and the existence of the Unix account is checked against LDAP.
I tried the following.
User    Member of group
john    sales, marketing, all
jack    sales, all
fred    all
The default (primary) group for all users is group "all".
I defined a share "testing" on Samba saying "valid users = +sales" and
behold only john and jack are able to connect.
I redefined the share to "valid users = +all" and john, jack, and fred can
connect.
I created a directory under testing named "budget" and did a "chown
fred:sales and a chmod 770 for that thing"
As root I do a "su john" changed into budget and created a file without a
hitch.
From Windows I tried to create a directory as user john under budget and
get "no permission".
I define a "force group = sales" for that share and it works.
Now this isn't of much use, of no use at all to be true so I put all the
information from the Ldap server into /etc/passwd /etc/group
adjusted /etc/nsswitch turned the Ldap server off and everything worked as
expected.
Why is the LDAP server in conjunction with samba always coming along with
the default group ID not checking whether the user belongs to any other
groups that would permit the requested action as it is on the OS level or
when using the /etc files?
Strangely enough it must be checking for additional groups in the first
place for when I connect to the share being defined as "valid users =
+sales" the connect succeeds and I can mount the thing.
If I could get this solved that would make it ready to go.
Help is greatly (and I mean it) appreciated
Best regards
Klaus Groß
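
A diagnostic for the symptom described in the post above, as an added example that is not part of the original message: it compares group membership read from each group's member list with the supplementary group list an initgroups-style lookup returns. The GIDs, the `primary_only` stand-in backend and all function names are constructed for illustration, and the split into these two lookup paths is an assumption about where the discrepancy arises.

```python
import grp
import os
import pwd
from collections import namedtuple

# Constructed sample data mirroring the post's users; the GIDs are invented.
Group = namedtuple("Group", "gr_name gr_gid gr_mem")
SAMPLE_GROUPS = [
    Group("all", 1000, []),  # primary group, no explicit member entries
    Group("sales", 1001, ["john", "jack"]),
    Group("marketing", 1002, ["john"]),
]

def groups_by_member_list(user, primary_gid, all_groups):
    """Path A: scan each group's member list, as a '+group' style test does."""
    return {g.gr_gid for g in all_groups if user in g.gr_mem} | {primary_gid}

def missing_supplementary(user, primary_gid, all_groups, grouplist):
    """Names of groups that list the user as a member but are absent from
    the initgroups-style list (path B) returned by grouplist(user, gid)."""
    by_members = groups_by_member_list(user, primary_gid, all_groups)
    by_initgroups = set(grouplist(user, primary_gid))
    names = {g.gr_gid: g.gr_name for g in all_groups}
    return sorted(names.get(gid, str(gid)) for gid in by_members - by_initgroups)

def primary_only(user, gid):
    """Hypothetical backend that resolves only the primary GID."""
    return [gid]

def check_live(user):
    """Run the same comparison against this host's real NSS configuration."""
    pw = pwd.getpwnam(user)
    return missing_supplementary(user, pw.pw_gid, grp.getgrall(), os.getgrouplist)

if __name__ == "__main__":
    # With the constructed data, john's two supplementary groups are reported.
    print(missing_supplementary("john", 1000, SAMPLE_GROUPS, primary_only))
```

Calling `check_live("john")` on the Samba host once with LDAP in nsswitch.conf and once with the flat files shows whether the two backends differ on path B; an empty list means both paths agree.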