[Pkg-samba-maint] DO NOT REPLY [Bug 6230] 'force group' still broken in 3.3.2

samba-bugs at samba.org
Tue Jun 9 10:57:34 UTC 2009


https://bugzilla.samba.org/show_bug.cgi?id=6230





------- Comment #31 from korn-bugzilla.samba.org at elan.rulez.org  2009-06-09 05:57 CST -------
(In reply to comment #28)

Hi,

Thanks for investigating!

> Ok, this took a while. This is very, very confusing but technically not a bug.
> You have ldapsam:trusted=yes with an invalid LDAP database. The primary group
> of user "guy", also "guy", does not have a sambaGroupMapping. This is the
> invalid configuration part. This leads to the token not assigning the SID for
> the primary group, which would be the second SID in the token. Normally, this
> SID is being taken by the primary unix group's SID. That SID missing means 

I'm either missing something or disagreeing with you, I don't know which. :) To
me, the intuitive behaviour would be for Samba to join all Unix groups the
connecting user is a member of, regardless of whether they have
sambaGroupMappings; as I understood it so far, sambaGroupMappings are only
there for the benefit of Windows. If a group has no mapping, then Windows can't
see it (meaning that Samba doesn't advertise it in any way).

Why is it necessary for all groups, even the ones only used on the Unix side,
to have sambaGroupMappings? If a group that has no such mapping owns a file,
that ownership needn't be reported to Windows at all (as it's not necessary
that a file be owned by a user as well as a group in Winland). It can be
omitted from ACLs reported to Windows too. I can't currently think of a
scenario that would make it necessary to insist on all Unix groups to have
sambaGroupMappings.

In any case, I'd consider the misleading error message to be a bug; at least a
warning to the effect of "Group 'foo' doesn't have a sambaGroupMapping,
ignoring it" should, I think, be logged.

Andras
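
The condition described in the quoted comment (a user's primary Unix group with no sambaGroupMapping) can be audited from an LDIF export of the directory. The Python below is an added example, not part of the original message or of Samba's code; it assumes RFC 2307 posixAccount/posixGroup entries, and the sample LDIF, its DNs and its SID are constructed.

```python
# SAMPLE_LDIF is constructed for illustration; DNs and the SID are placeholders.
SAMPLE_LDIF = """\
dn: uid=guy,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: guy
gidNumber: 1001

dn: uid=ann,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: ann
gidNumber: 1002

dn: cn=guy,ou=Groups,dc=example,dc=org
objectClass: posixGroup
cn: guy
gidNumber: 1001

dn: cn=staff,ou=Groups,dc=example,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: staff
gidNumber: 1002
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3005
"""

def parse_ldif(text):
    # Minimal parser: unfolded "attr: value" lines only (no base64, no continuations).
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(": ")
            if sep:
                entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def _classes(entry):
    return {c.lower() for c in entry.get("objectclass", [])}

def unmapped_primary_groups(entries):
    # (uid, gidNumber) for users whose primary group has no sambaGroupMapping entry.
    mapped = {e["gidnumber"][0]: "sambagroupmapping" in _classes(e)
              for e in entries if "posixgroup" in _classes(e)}
    return [(e["uid"][0], e["gidnumber"][0]) for e in entries
            if "posixaccount" in _classes(e) and not mapped.get(e["gidnumber"][0], False)]

if __name__ == "__main__":
    print(unmapped_primary_groups(parse_ldif(SAMPLE_LDIF)))
```

A user whose gidNumber matches no posixGroup entry at all is reported as well, since that primary group has no mapping either.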

