This changes our Unix primary GID behaviour back to what most people expect:

Samba will now use the user's UNIX primary group, as the primary group when
dealing with the filesystem.  The NT primary group is ignored in unix.

For the NT_TOKEN, the primary group is the NT priamry group, and the unix
primary group is added to the NT_TOKEN as a supplementary group.

This should fix bug #109, but will need to be revisited when we get a full
NT group database.

Also in this commit:
 - Fix debug statements in service.c
 - Make idmap_ldap show if it's adding, or modifying an existing DN
 - Make idmap_ldap show both the error message and error string

diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index ea46d27e9e9de736ef1f250c0c97b05d5ee3cb41..f77ee350b48066f5ba35be64f10f9a446066e68b 100644 (file)
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -784,13 +784,9 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info,
                return NT_STATUS_NO_SUCH_USER;
        }
        (*server_info)->unix_name = smb_xstrdup(pwd->pw_name);
-       passwd_free(&pwd);
+       (*server_info)->gid = pwd->pw_gid;
 
-       if (!NT_STATUS_IS_OK(nt_status = sid_to_gid(pdb_get_group_sid(sampass), 
-                                                   &((*server_info)->gid)))) {
-               free_server_info(server_info);
-               return nt_status;
-       }
+       passwd_free(&pwd);
 
        if (!NT_STATUS_IS_OK(nt_status = add_user_groups(server_info, sampass, 
                                                         (*server_info)->uid, 

diff --git a/source/sam/idmap_ldap.c b/source/sam/idmap_ldap.c
index ade88d92202a91a01e918fe978d596d0f9b52a2a..d0010d8cd94b31ea5ec2c7e221017d32f34c6386 100644 (file)
--- a/source/sam/idmap_ldap.c
+++ b/source/sam/idmap_ldap.c
@@ -474,9 +474,10 @@ static NTSTATUS ldap_set_mapping_internals(const DOM_SID *sid, unid_t id,
                char *ld_error = NULL;
                ldap_get_option(ldap_state.smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
                                &ld_error);
-               DEBUG(0,("ldap_set_mapping_internals: Failed to create mapping from %s to %u [%s]\n",
-                       sid_string, (unsigned int)((id_type & ID_USERID) ? id.uid : id.gid), type));
-               DEBUG(0, ("ldap_set_mapping_internals: Error was: %s\n", ld_error ? ld_error : "(NULL)"));
+               DEBUG(0,("ldap_set_mapping_internals: Failed to %s mapping from %s to %u [%s]\n",
+                        (ldap_op == LDAP_MOD_ADD) ? "add" : "replace",
+                        sid_string, (unsigned int)((id_type & ID_USERID) ? id.uid : id.gid), type));
+               DEBUG(0, ("ldap_set_mapping_internals: Error was: %s (%s)\n", ld_error ? ld_error : "(NULL)", ldap_err2string (rc)));
                return NT_STATUS_UNSUCCESSFUL;
        }
                

diff --git a/source/smbd/service.c b/source/smbd/service.c
index 6a23e38bbd1460ca5e117a356e0df2b1c50d8e63..63991904ff63cbb1b0185cbbc3c589b22faeb0da 100644 (file)
--- a/source/smbd/service.c
+++ b/source/smbd/service.c
@@ -359,7 +359,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
                guest = True;
                pass = getpwnam_alloc(guestname);
                if (!pass) {
-                       DEBUG(0,("authorise_login: Invalid guest account %s??\n",guestname));
+                       DEBUG(0,("make_conncection_snum: Invalid guest account %s??\n",guestname));
                        conn_free(conn);
                        *status = NT_STATUS_NO_SUCH_USER;
                        return NULL;