Secondary groups not being honoured
Gerald (Jerry) Carter
jerry at samba.org
Thu Sep 25 02:40:45 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Matthew Ridley wrote:
> I have noticed a wierd behaviour in the recent(3.0rc2+) releases
>
> This ONLY applies when using winbind to propogate user information.
> (in a Win2k domain, using rpc not ads)
I've tried to reproduce this in case we neede to stop ship on 3.0.0 for
it, but had no luck. However, I think it might be a caching issue.
Can you stop winbindd, remove the netsamlogon_cache.tdb and restart
winbindd and see if thatmakes a difference.
> If I set a directory to "rwx" access for a secondary group they are unable to
> write to these directories via samba (they can read it, and the permissions
> look correct under windows). If they log in via other means (using
> pam_winbind etc) they can do as permissions allow.
There are several variants of this logged in bugzilla (226, 295, & 406).
Can you see if any match you environment?
Do you have 'winbind use default domain = yes' by any chance? If so,
have you tried disabling it?
> Can someone point me in the right direction of the source? I'll have a poke
> around and try to track it down. I guess the code must be only checking the
> primary group and not any secondary(winbind generated) ones.
Not that easy I'm afraid. Try the above suggestions first and let me know.
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/clWtIR7qMdg1EfYRApnYAJ9NVK8ZbTBGM5e15C01BaDju4YthgCeIwe2
83jRI6i339mQ2ZkjuiTQjKE=
=L7S6
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list