[Freeipa-users] IPA, samba, and secondary groups

Kelvin Edmison kelvin at kindsight.net
Wed Feb 29 16:24:25 UTC 2012


Hi all,

 I am running into an issue where users cannot access a samba volume if
their only access is via a secondary group.  For example, if testuser's
primary group is ipausers, and secondary groups include testgroup, and the
samba mount permissions are adminuser:testgroup:rwxrwx---, then testuser
cannot read or write to the samba mount.  If the testuser is changed so that
its primary group is testgroup, then testuser can access the volume.

In this case, samba is running on a separate CentOS 5 server, configured to
access IPA via LDAP.  It is a requirement that I support
userid/password-based access to the samba server, as I cannot roll all my
users onto kerberos right away.

Does anyone have any insight as to what is going on and how it can be fixed?

Thanks,
  Kelvin



