[Bug 1591264] [NEW] Access to folder denied despite being member of AD group via winbind
Andy Foster
andy.foster at nibsc.org
Fri Jun 10 15:52:14 UTC 2016
Public bug reported:
I have an Ubuntu 16.04 box joined to my domain using Winbind (RID
method). This appears to be working fine. A call to id correctly lists
my AD group membership.
root at hpc-app:/shares# id afoster
uid=26153(afoster) gid=10513(domain users) groups=10513(domain users),998(shiny),26153(afoster),24244(vmwareviewadmins),26682(prism6_users),23150(pcinfousers),25033(itwiki_users),19009(everyuser),25022(hpc_users),18647(vpn users),1000001(BUILTIN\users)
But despite being a member of the hpc_users group, I am unable to CD
into a directory owned by that group.
root at hpc-app:/shares# ls -l /shares
total 8
drwxrwx--- 2 root hpc_users 4096 Jun 10 14:41 share
As the user afoster...
afoster at hpc-app:~$ cd /shares/share
-bash: cd: /shares/share: Permission denied
I have the following in my PAM common-auth file...
auth [success=1 default=ignore] pam_winbind.so krb5_auth
krb5_ccache_type=FILE cached_login try_first_pass
require_membership_of=hpc_users
and the "require_membership_of=hpc_users" line is working as expected.
One cannot login unless one is a member of this group.
** Affects: samba (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1591264
Title:
Access to folder denied despite being member of AD group via winbind
Status in samba package in Ubuntu:
New
Bug description:
I have an Ubuntu 16.04 box joined to my domain using Winbind (RID
method). This appears to be working fine. A call to id correctly lists
my AD group membership.
root at hpc-app:/shares# id afoster
uid=26153(afoster) gid=10513(domain users) groups=10513(domain users),998(shiny),26153(afoster),24244(vmwareviewadmins),26682(prism6_users),23150(pcinfousers),25033(itwiki_users),19009(everyuser),25022(hpc_users),18647(vpn users),1000001(BUILTIN\users)
But despite being a member of the hpc_users group, I am unable to CD
into a directory owned by that group.
root at hpc-app:/shares# ls -l /shares
total 8
drwxrwx--- 2 root hpc_users 4096 Jun 10 14:41 share
As the user afoster...
afoster at hpc-app:~$ cd /shares/share
-bash: cd: /shares/share: Permission denied
I have the following in my PAM common-auth file...
auth [success=1 default=ignore] pam_winbind.so krb5_auth
krb5_ccache_type=FILE cached_login try_first_pass
require_membership_of=hpc_users
and the "require_membership_of=hpc_users" line is working as expected.
One cannot login unless one is a member of this group.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1591264/+subscriptions
More information about the foundations-bugs
mailing list