[Samba] Permission issue


We did a classicupgrade of our Ubuntu Server (4.3.11, TDB); the server, DC5, also hosts shares. After the migration we are seeing some permission issues.

When trying to give a domain group/user permission on a folder/file, we get the following:

chown "LIN\\myadmin:LIN\\adgroup" adtest/
chown: invalid user: 'LIN\\myadmin:LIN\\adgroup'

wbinfo --ping-dc : checking the NETLOGON for domain[LIN] dc connection to "dc5.LIN.group" succeeded

The getent group lookup comes up with no results:
getent group "LIN\\adgroup"
getent passwd "LIN\\mygroup"

Here is the smb.conf:

        workgroup = LIN
        realm = LIN.GROUP
        netbios name = dc5
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
        log file = /var/log/samba/log.%m
        log level = 1

        winbind nss info = rfc2307

        idmap config * : backend = tdb
        idmap config * : range = 4000-7999
        idmap config LIN:backend = ad
        idmap config LIN:schema_mode = rfc2307
        idmap config LIN:range = 10000-999999

        vfs objects = acl_xattr
        map acl inherit = yes
        store dos attributes = yes

        # Template settings for login shell and home directory
        template shell = /bin/bash
        template homedir = /home/%U

Here is nsswitch.conf:
passwd:         files winbind
group:          files winbind
shadow:         compat

If the group in question exists in /etc/group, it works, because it is local. But if the group is new, or if the group has been removed from /etc/group and AD, it doesn't.

We have added the SeDiskOperatorPrivilege to the user making the chown calls.

Any suggestions?

Praveen Ghimire
