← Back to team overview

enterprise-support team mailing list archive

  1. enterprise-support team
  2. Mailing list archive
  3. Message #05528

[Bug 1591264] [NEW] Access to folder denied despite being member of AD group via winbind

  Thread PreviousDate PreviousThread Next 
Public bug reported:

I have an Ubuntu 16.04 box joined to my domain using Winbind (RID
method). This appears to be working fine. A call to id correctly lists
my AD group membership.

root@hpc-app:/shares# id afoster
uid=26153(afoster) gid=10513(domain users) groups=10513(domain users),998(shiny),26153(afoster),24244(vmwareviewadmins),26682(prism6_users),23150(pcinfousers),25033(itwiki_users),19009(everyuser),25022(hpc_users),18647(vpn users),1000001(BUILTIN\users)

But despite being a member of the hpc_users group, I am unable to CD
into a directory owned by that group.

root@hpc-app:/shares# ls -l /shares
total 8
drwxrwx---  2 root hpc_users                4096 Jun 10 14:41 share

As the user afoster...

afoster@hpc-app:~$ cd /shares/share
-bash: cd: /shares/share: Permission denied

I have the following in my PAM common-auth file...

auth    [success=1 default=ignore]      pam_winbind.so krb5_auth
krb5_ccache_type=FILE cached_login try_first_pass
require_membership_of=hpc_users

and the "require_membership_of=hpc_users" line is working as expected.
One cannot login unless one is a member of this group.

** Affects: samba (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to samba in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1591264

Title:
  Access to folder denied despite being member of AD group via winbind

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1591264/+subscriptions
  Thread PreviousDate PreviousThread Next