[Freeipa-users] IPA, samba, and secondary groups

Christian Horn chorn at fluxcoil.net
Sat Mar 3 10:56:55 UTC 2012


Hi,

On Wed, Feb 29, 2012 at 11:24:25AM -0500, Kelvin Edmison wrote:
> 
>  I am running into an issue where users cannot access a samba volume if
> their only access is via a secondary group.  For example, if testuser's
> primary group is ipausers, and secondary groups include testgroup, and the
> samba mount permissions are adminuser:testgroup:rwxrwx---, then testuser
> cannot read or write to the samba mount.  If the testuser is changed so that
> its primary group is testgroup, then testuser can access the volume.
> 
> In this case, samba is running on a separate CentOS 5 server, configured to
> access IPA via LDAP.  It is a requirement that I support
> userid/password-based access to the samba server, as I cannot roll all my
> users onto kerberos right away.
> 
> Does anyone have any insight as to what is going on and how it can be fixed?

I did see something similar recently, the ldapsam backend in samba was
used.
You might want to try out 'ldapsam:trusted = no' in smb.conf.


Christian



