Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Samba] getent group and net ads user info differs
17 views
Skip to first unread message
Cristian Saavedra
Apr 4, 2013, 10:50:02 AM4/4/13
to
Hello
I have a samba 4.0.3 pdc and a samba 3.5.10 as a fileserver and i am having an issue that i like to share with you.
I have a share son the samba 3 setup like this
[Comercial]
browsable = Yes
comment = Comercial
path = /shares2/Comercial
valid users = @Ingenieria, @Mercadeo, @Comercial, @SIIF, @Costos, administrador, backup
write list = @Comercial, @Mercadeo, @Ingenieria, administrador, claudiavillegas, manuelaparicio
read list = @Comercial, @SIIF, ,@Almacen, @Costos, @Uruguay, @Ingenieria, backup
force create mode = 666
force directory mode = 777
veto files = /*.exe/*.com/*.dll/*.mp3/*.bat/
As you can see the Comercial group is authorized to read and write, so i have this user lisanyurimicolta she is on the Comercial group:
[root@srvfs audit]# net ads user info lisanyurimicolta
Domain Users
TerminalServer
politicas3
SIIF
Comercial
[root@srvfs audit]#
srvfs is my samba 3.x server, but then she can't write on the share, so i'm executing a getent group to validate that she is on that group for the winbind, but i get this
[root@srvfs audit]# getent group comercial
comercial:*:16777233:claralibreros,christiancano,danilocampo,anabedoya,guillerminagarcia,humbertocardona,marthamurillo,pruebas,yoancanabal,andreasaa,adrianazapata,jhonrealpe,maryamgamboa,jassonaperador,adolfotrullo,christhianjimenez,mariaguerrero,mariomunera,mauricioperdomo,melbaorejuela,paolagomez,richardordonez,ginagarces,juanagudelo,adrianalopez,andrespossu,dianaolano,yulymejia,edwinyepes,jenniferbazantes,ronaldduque,maribelgomez,linabanol,lauramulcue,johncastillo,luzgallego,giovannysotomayor,andresgutierrez,arlexcardona,jonathangaviria,victorianavia,andrescampino
Why is this happening? any suggestions?
Thanks for your help.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
I have a samba 4.0.3 pdc and a samba 3.5.10 as a fileserver and i am having an issue that i like to share with you.
I have a share son the samba 3 setup like this
[Comercial]
browsable = Yes
comment = Comercial
path = /shares2/Comercial
valid users = @Ingenieria, @Mercadeo, @Comercial, @SIIF, @Costos, administrador, backup
write list = @Comercial, @Mercadeo, @Ingenieria, administrador, claudiavillegas, manuelaparicio
read list = @Comercial, @SIIF, ,@Almacen, @Costos, @Uruguay, @Ingenieria, backup
force create mode = 666
force directory mode = 777
veto files = /*.exe/*.com/*.dll/*.mp3/*.bat/
As you can see the Comercial group is authorized to read and write, so i have this user lisanyurimicolta she is on the Comercial group:
[root@srvfs audit]# net ads user info lisanyurimicolta
Domain Users
TerminalServer
politicas3
SIIF
Comercial
[root@srvfs audit]#
srvfs is my samba 3.x server, but then she can't write on the share, so i'm executing a getent group to validate that she is on that group for the winbind, but i get this
[root@srvfs audit]# getent group comercial
comercial:*:16777233:claralibreros,christiancano,danilocampo,anabedoya,guillerminagarcia,humbertocardona,marthamurillo,pruebas,yoancanabal,andreasaa,adrianazapata,jhonrealpe,maryamgamboa,jassonaperador,adolfotrullo,christhianjimenez,mariaguerrero,mariomunera,mauricioperdomo,melbaorejuela,paolagomez,richardordonez,ginagarces,juanagudelo,adrianalopez,andrespossu,dianaolano,yulymejia,edwinyepes,jenniferbazantes,ronaldduque,maribelgomez,linabanol,lauramulcue,johncastillo,luzgallego,giovannysotomayor,andresgutierrez,arlexcardona,jonathangaviria,victorianavia,andrescampino
Why is this happening? any suggestions?
Thanks for your help.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Cristian Saavedra
Apr 4, 2013, 1:30:01 PM4/4/13
to
Hello Kevin
The group is on the samba AD and i don't have nis installed on this server, the nsswitch.conf is this.
passwd: files winbind
shadow: files winbind
group: files winbind
My OS is Centos 6.3
El 4/04/2013, a las 10:42, "Shaw, Kevin" <Kevin...@xerox.com> escribió:
> Cristian,
>
> The group commercial is in /etc/group or NIS group?
>
> cat /etc/group | grep lisanyurimicolta
>
> ypcat -k group | grep lisanyurimicolta
>
> If group is configured correctly I would look at /etc/nsswitch.conf. I don't know what OS you are running, this is where name switching is configured in Solaris.
>
> HTH,
>
> -Kevin
Cristian Saavedra
Apr 4, 2013, 6:50:01 PM4/4/13
to
Fixed!
[root@dominio Policies]# samba-tool dbcheck
Checking 1394 objects
ERROR: orphaned backlink attribute 'memberOf' in CN=lisanyurimicolta,CN=Users,DC=forsa,DC=com,DC=co for link member in CN=SIIF,CN=Users,DC=forsa,DC=com,DC=co
Not removing orphaned backlink member
ERROR: orphaned backlink attribute 'memberOf' in CN=lisanyurimicolta,CN=Users,DC=forsa,DC=com,DC=co for link member in CN=Comercial,CN=Users,DC=forsa,DC=com,DC=co
Not removing orphaned backlink member
ERROR: incorrect DN string component for member in object CN=SIIF,CN=Users,DC=forsa,DC=com,DC=co - <GUID=7ba58aea-6479-41a6-9e7c-cf69e62aad35>;CN=lisanyurimicolta,CN=Users,DC=forsa,DC=com,DC=co
Not fixing incorrect string version of DN
ERROR: incorrect DN string component for member in object CN=Comercial,CN=Users,DC=forsa,DC=com,DC=co - <GUID=7ba58aea-6479-41a6-9e7c-cf69e62aad35>;CN=lisanyurimicolta,CN=Users,DC=forsa,DC=com,DC=co
Not fixing incorrect string version of DN
Please use --fix to fix these errors
Checked 1394 objects (4 errors)
So i re ran the process with --fix and now i can see the user.
[root@dominio Policies]# samba-tool dbcheck
Checking 1394 objects
ERROR: orphaned backlink attribute 'memberOf' in CN=lisanyurimicolta,CN=Users,DC=forsa,DC=com,DC=co for link member in CN=SIIF,CN=Users,DC=forsa,DC=com,DC=co
Not removing orphaned backlink member
ERROR: orphaned backlink attribute 'memberOf' in CN=lisanyurimicolta,CN=Users,DC=forsa,DC=com,DC=co for link member in CN=Comercial,CN=Users,DC=forsa,DC=com,DC=co
Not removing orphaned backlink member
ERROR: incorrect DN string component for member in object CN=SIIF,CN=Users,DC=forsa,DC=com,DC=co - <GUID=7ba58aea-6479-41a6-9e7c-cf69e62aad35>;CN=lisanyurimicolta,CN=Users,DC=forsa,DC=com,DC=co
Not fixing incorrect string version of DN
ERROR: incorrect DN string component for member in object CN=Comercial,CN=Users,DC=forsa,DC=com,DC=co - <GUID=7ba58aea-6479-41a6-9e7c-cf69e62aad35>;CN=lisanyurimicolta,CN=Users,DC=forsa,DC=com,DC=co
Not fixing incorrect string version of DN
Please use --fix to fix these errors
Checked 1394 objects (4 errors)
So i re ran the process with --fix and now i can see the user.
L.P.H. van Belle
Apr 5, 2013, 2:20:01 AM4/5/13
to
Hai,
maybe im wrong, but..
net ads user info lisanyurimicolta
>Domain Users
>TerminalServer
>politicas3
>SIIF
>Comercial Comercial...
getent group comercial
Capital C ? so 2 different groups is what your talking about.
Greetz,
Louis
>-----Oorspronkelijk bericht-----
>Van: c...@asualcance.com [mailto:samba-...@lists.samba.org]
>Namens Cristian Saavedra
>Verzonden: donderdag 4 april 2013 16:45
>Aan: sa...@lists.samba.org
>Onderwerp: [Samba] getent group and net ads user info differs
maybe im wrong, but..
net ads user info lisanyurimicolta
>Domain Users
>TerminalServer
>politicas3
>SIIF
getent group comercial
Capital C ? so 2 different groups is what your talking about.
Greetz,
Louis
>-----Oorspronkelijk bericht-----
>Van: c...@asualcance.com [mailto:samba-...@lists.samba.org]
>Namens Cristian Saavedra
>Verzonden: donderdag 4 april 2013 16:45
>Aan: sa...@lists.samba.org
>Onderwerp: [Samba] getent group and net ads user info differs
0 new messages