From: davefu on

Bump


Wes Deviers wrote:
>
> I'm having this same problem, but it's new. Using 3.4.2 Debian packages,
> recently upgraded. I never had any type of LDAP group caching problem
> until the last 2 weeks. I added a user to an LDAP group as normal because
> they needed access to a new share. Cleared the nscd caches as normal. The
> service definition uses
>
> force group = +groupName
> valid users = @admins, @groupName
> write list = @admins, @groupName
>
> All of the people previously in @groupName retain access to the share.
> The person I just added cannot access it. getent, groups, etc. all return
> the correct group membership. If I add the account explicitly to valid
> users & write list, it works as soon as I do an smbd reload.
>
> Did some behavior change or have we stumbled on a new bug?
>
> Wes
>
>
>
> On Monday 30 November 2009 07:29:33 am davefu wrote:
>>
>> Hi, thanks for answering.
>>
>> I have only 1 Samba server. When I mentioned changes on groups, I meant
>> on LDAP server. LDAP is used on both system and samba environments. When
>> changing groups on users, those changes are instant on the system
>> environment, but not on Samba.
>>
>> - I create a new "Folder A", with full permissions for "Group A"
>> - "User B" (belonging to group B), logs via SSH to the server, and can't
>>   access the "Folder A".
>> - "User B" logs via Samba using his Windows desktop machine, and can't
>>   access the "Folder A" (previously configured inside a Samba Resource).
>> - Now I add "User B" to "Group A" via LDAP. He belongs now to "Group A"
>>   and "Group B".
>> - Getent group | grep "User B" shows correctly both groups on the user.
>> - "User B" correctly accesses "Folder A", writes files, etc. via console,
>>   ssh, or any kind of regular system authentication (since system is
>>   using pam libraries, configured to use LDAP as backend).
>> - "User B" still can't access "Folder A" in any way. Samba has cached
>>   "User B" credentials, and hasn't checked LDAP again for a while. The
>>   only option is to restart Samba, or wait randomly until Samba
>>   refreshes / syncs LDAP info about that user again.
>>
>> Hope this little story explains my problem better.
>> Sorry for my English.
>>
>> Thanks!
>>
>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>

--
View this message in context: http://old.nabble.com/Samba-%2B-LDAP%3A-Changing-user%27s-group-tp26421317p26870920.html
Sent from the Samba - General mailing list archive at Nabble.com.
