Package: samba
Version: 2:3.2.5-4lenny6
Severity: important

When upgrading from Etch, samba stopped checking secondary groups in /etc/group for filesystem permissions when determining filesystem access. We use winbind and authentication is working correctly. If the group ownership is changed to the primary group (from /etc/passwd), the file is owned by the user, or everyone has rights, access is granted as per the unix permissions. Group and User enumeration is shown to be working (turning up debug and checking the logs shows it enumerated to the UID and GID for that user from /etc/passwd). getent groups shows the normal (full) group listing as it should.

A few other things I should note:

SELINUX is turned off completely.
Permissions on /etc/passwd and /etc/group are both 644.
This exact config was working on Etch with the standard samba packages and winbind (no configuration changes were made on upgrade until after problems were seen).

I tried setting the following in /etc/samba/smb.conf (all to no effect):

unix extensions = no
auth methods = winbind
nt acl support = yes

-- System Information:
Debian Release: 5.0.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages samba depends on:
ii  adduser          3.110                     add and remove users and groups
ii  debconf [debcon  1.5.24                    Debian configuration management sy
ii  libacl1          2.2.47-2                  Access control list shared library
ii  libattr1         1:2.4.43-2                Extended attribute shared library
ii  libc6            2.7-18                    GNU C Library: Shared libraries
ii  libcomerr2       1.41.3-1                  common error description library
ii  libcups2         1.3.8-1+lenny6            Common UNIX Printing System(tm) -
ii  libgnutls26      2.4.2-6+lenny1            the GNU TLS library - runtime libr
ii  libkrb53         1.6.dfsg.4~beta1-5lenny1  MIT Kerberos runtime libraries
ii  libldap-2.4-2    2.4.11-1                  OpenLDAP libraries
ii  libpam-modules   1.0.1-5+lenny1            Pluggable Authentication Modules f
ii  libpam-runtime   1.0.1-5+lenny1            Runtime support for the PAM librar
ii  libpam0g         1.0.1-5+lenny1            Pluggable Authentication Modules l
ii  libpopt0         1.14-4                    lib for parsing cmdline parameters
ii  libtalloc1       1.2.0~git20080616-1       hierarchical pool based memory all
ii  libwbclient0     2:3.2.5-4lenny6           client library for interfacing wit
ii  logrotate        3.7.1-5                   Log rotation utility
ii  lsb-base         3.2-20                    Linux Standard Base 3.2 init scrip
ii  procps           1:3.2.7-11                /proc file system utilities
ii  samba-common     2:3.2.5-4lenny6           Samba common files used by both th
ii  update-inetd     4.31                      inetd configuration file updater
ii  zlib1g           1:1.2.3.3.dfsg-12         compression library - runtime

samba recommends no packages.

Versions of packages samba suggests:
pn  ldb-tools                    <none>        (no description available)
ii  openbsd-inetd [inet-superse  0.20080125-2  The OpenBSD Internet Superserver
ii  smbldap-tools                0.9.4-1       Scripts to manage Unix and Samba a

-- debconf information:
  samba/run_mode: daemons
  samba/generate_smbpasswd: false

ii  libwbclient0  2:3.2.5-4lenny6  client library for interfacing with winbind
ii  winbind       2:3.2.5-4lenny6  service to resolve user and group informatio

cat /etc/samba/smb.conf (with comments clipped):

[global]
   unix extensions = no
   workgroup = Palantir
   server string = vash server (Samba %v)
   wins support = no
   wins server = 192.168.28.4
   dns proxy = no
   name resolve order = lmhosts host wins bcast
   netbios name = Vash
   interfaces = 192.168.28.2/24
   hosts allow = 192.168.28. 127.
   log file = /var/log/samba/log.%m
   max log size = 50
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   security = ads
   realm = ad.palantir.net
   password server = knives.palantir.net
   winbind use default domain = yes
   encrypt passwords = true
   username map = /etc/samba/smbusers
   domain logons = no
   logon script = %U.bat
   load printers = no
   socket options = TCP_NODELAY
   remote browse sync = 192.168.28.255
   remote announce = 192.168.28.255
   local master = no
   os level = 33
   domain master = no
   preferred master = no
   template shell = /bin/bash
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   winbind enum users = yes
   winbind enum groups = yes

[homes]
   comment = Home Directories
   browseable = no
   writable = yes

[archives]
   comment = Archived projects
   path = /vash/archives
   browseable = yes
   guest ok = no
   writable = yes
   create mask = 0660
   directory mask = 2770
   force create mode = 0660
   force directory mode = 2770

[business]
   comment = Palantir business directory
   path = /vash/business
   browseable = yes
   guest ok = no
   writable = yes
   create mask = 0660
   directory mask = 2770
   force create mode = 0660
   force directory mode = 2770

[palantir]
   comment = Palantir projects directory
   path = /vash/palantir
   browseable = yes
   guest ok = no
   writable = yes
   create mask = 0660
   directory mask = 2770
   force create mode = 0660
   force directory mode = 2770

[software]
   comment = software packages
   path = /vash/software
   browseable = yes
   guest ok = yes
   writable = yes
   create mask = 0664
   directory mask = 2775
   force create mode = 0664
   force directory mode = 2775

Any help is appreciated.

Thanks,
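
Added example, not part of the original report and not Samba code: a small model of the classic Unix permission check, showing why access fails only in the reported case when the secondary groups from /etc/group are dropped from a user's group set. The user "alice", the group names, and all UIDs/GIDs are constructed sample data.

```python
# Constructed sample data (not from the report): alice's primary group is
# "users" (gid 100); she is in "projects" (gid 2001) only via /etc/group.
PASSWD = "alice:x:1001:100:Alice:/home/alice:/bin/bash\n"
GROUP = "users:x:100:\nprojects:x:2001:alice,bob\nstaff:x:50:bob\n"

def primary_ids(passwd_text, user):
    """Return (uid, primary gid) for user from passwd-format text."""
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) >= 4 and f[0] == user:
            return int(f[2]), int(f[3])
    raise KeyError(user)

def secondary_gids(group_text, user):
    """GIDs of groups that list user in the member field (4th column)."""
    gids = set()
    for line in group_text.splitlines():
        f = line.split(":")
        if len(f) >= 4 and user in [m for m in f[3].split(",") if m]:
            gids.add(int(f[2]))
    return gids

def access(mode, f_uid, f_gid, uid, gids, want):
    """Classic Unix check: exactly one class (owner, group, other) applies."""
    if uid == f_uid:
        bits = (mode >> 6) & 7
    elif f_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return bits & want == want

def compare(user, mode, f_uid, f_gid, want=6):
    """(access with full group set, access with primary group only); want=6 is rw."""
    uid, gid = primary_ids(PASSWD, user)
    full = {gid} | secondary_gids(GROUP, user)
    return (access(mode, f_uid, f_gid, uid, full, want),
            access(mode, f_uid, f_gid, uid, {gid}, want))

if __name__ == "__main__":
    # Directory mode 2770 as in the shares above, owned by root:projects.
    print("secondary group:", compare("alice", 0o2770, 0, 2001))
    # The three cases the report says still work:
    print("primary group:  ", compare("alice", 0o2770, 0, 100))
    print("file owner:     ", compare("alice", 0o0600, 1001, 2001))
    print("everyone:       ", compare("alice", 0o0666, 0, 2001))
```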