Results 1 to 4 of 4

Thread: Zimbra/Samba PDC: putting users in multiple groups

  1. #1
    ajayrockrock is offline Active Member
    Join Date
    May 2007
    Riverside, CA
    Rep Power

    Default Zimbra/Samba PDC: putting users in multiple groups

    Is there a way to put a user in multiple Samba Groups? We're a small company so thus people wear many hats and I have a guy in the Admin group and the Accounting group. The "UNIX" way would be to just throw him in each group and be done with it. But I'm not sure how to do it via the Zimbra Admin interface...


  2. #2
    RevDarkman's Avatar
    RevDarkman is offline Senior Member
    Join Date
    Apr 2008
    Newborough, Anglesey, North Wales, UK
    Rep Power


    Anyone figured this one out?

    I've got ZCS with CentOS and Samba working! ALso managed to getr user home directories created to a fashion.

    I would like to add users to multiple groups.

    I assumed that smbldap-groupmod would do it but I get some bizarre replies from that....

    [root@mailserver ~]# smbldap-groupshow NVQ
    dn: cn=NVQ,ou=groups,dc=sipcymru,dc=co,dc=uk
    objectClass: posixGroup,sambaGroupMapping
    cn: NVQ
    [root@mailserver ~]#
    As you can see it sees the group NVQ, but when I try to add a user to that group...

    [root@mailserver ~]# smbldap-groupmod -m "ifan" "NVQ"
    /usr/sbin/smbldap-groupmod: group NVQ not found! can't find the group!

    Anyone else crack this yet? I assume if I had some kind of LDAP browser that I could manually add as described in this link...

    Re: [Samba] Samba / OpenLDAP and groups

    Other than that I'm pretty happy with this and I'ts going live in a couple of weeks to replace an aging postfix/dovecot box!

  3. #3
    chimaster is offline Loyal Member
    Join Date
    May 2008
    Rep Power

    Default Issues with groups too.

    Similar issue. I thought I had everything working fine but managed to hit an issue with multiple groups.

    Here is my share

    writeable = yes
    path = /home/groups/SLVL1
    force group = SLVL1
    valid users = @ITC @Executive @Teachers @Operations @Leadership @SLVL1 @SLVL2
    create mode = 0770
    public = no
    directory mode = 0770
    wide links = no

    I have two users. joe.student and joe.student2 Joe.student is a member of SLVL1 and joe.student2 is a member of SLVL2. SLVL2 has access to SLVL1 and SLVL2 and SLVL1 has access to SLVL1 only. It appears only users who are a direct member of Force Group = SLVL1 can access the share. It was working during testing, but I made some changes to the group names on request of the client and now its all screwy.

    Here is a login attempt with both users.
    Student is successful
    root@rees:/var/log/samba# smbclient //localhost/SLVL1 -U joe.student
    Domain=[RPS] OS=[Unix] Server=[Samba 3.0.28a]
    smb: \>

    Student2 is not
    root@rees:/var/log/samba# smbclient //localhost/SLVL1 -U joe.student2
    Domain=[RPS] OS=[Unix] Server=[Samba 3.0.28a]
    tree connect failed: NT_STATUS_NO_SUCH_GROUP

    However, if I remove the force group both users can connect. But... joe.student2 has no rights.

    It appears that the NT_STATUS_NO_SUCH_GROUP is referring to the face that student2 is not a member of SLVL1 but a member of SLVL2 which should be allowed and was indeed working.

    I've seen some comments regarding Netbios, Winbind etc.. but two things come to mind.

    1. I'm using smbclient on the local machine
    2. It was working, but I tweaked something or domain logins (which turned out to be un-necessary) but I can't recall.

    getent group

    root@rees:/var/log/samba# net groupmap list
    ITC (S-1-5-21-3037128767-1994040998-2387843127-512) -> ITC
    Operations (S-1-5-21-3037128767-1994040998-2387843127-21004) -> Operations
    Leadership (S-1-5-21-3037128767-1994040998-2387843127-21008) -> Leadership
    Executive (S-1-5-21-3037128767-1994040998-2387843127-21010) -> Executive
    Shared (S-1-5-21-3037128767-1994040998-2387843127-21012) -> Shared
    Guest (S-1-5-21-3037128767-1994040998-2387843127-514) -> Guest
    SLVL1 (S-1-5-21-3037128767-1994040998-2387843127-21016) -> SLVL1
    SLVL2 (S-1-5-21-3037128767-1994040998-2387843127-21018) -> SLVL2
    Teachers (S-1-5-21-3037128767-1994040998-2387843127-21020) -> Teachers

    root@rees:/var/log/samba# net rpc group list

    Anyways, stuck and frustrated. Any thoughts? or a better way to manage multiple groups?
    Last edited by chimaster; 07-12-2010 at 08:58 PM. Reason: More detail

  4. #4
    chimaster is offline Loyal Member
    Join Date
    May 2008
    Rep Power

    Cool You Beauty

    Well four hours later (and two hours after the post) I've nailed it.

    Adding Unix Group\ as a prefix to the force group has nailed it.

    path = /home/groups/SLVL1
    valid users = @ITC, @Executive, @Teachers, @Operations, @Leadership, @SLVL1, @SLVL2
    force group = "Unix Group\SLVL1"
    read only = No
    create mask = 0770
    directory mask = 0770

    YAY Fricken Yay.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 1
    Last Post: 07-24-2008, 03:08 PM
  2. Multiple users on a Mac
    By Russianspi in forum General Questions
    Replies: 2
    Last Post: 05-14-2008, 10:15 AM
  3. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 07:46 PM
  4. syncing an address book between multiple users
    By rlustemberg in forum CalDAV / CardDAV / iSync
    Replies: 0
    Last Post: 06-22-2007, 03:55 AM
  5. One mail, multiple users
    By bguerreiro in forum Administrators
    Replies: 10
    Last Post: 07-19-2006, 01:30 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts