[Samba] Can anyone get winbind to update group membership?
Michael Gasch
gasch at eva.mpg.de
Wed Jan 18 11:23:31 GMT 2006
hi,
i tried to reproduce your error in a NT domain style with samba 3.0.14a
PDC (openldap backend) incl. a samba 3.0.20b fileserver
i tweaked winbind cache time to 60s and everything works as expected:
- a user, who is in a group that has write perms, can write
- remove user from this group -> user cannot write anymore
- add user again to this group -> user can write again
greez
Adam Nielsen wrote:
> Hi all,
>
> Does this work for anyone out there? I've never gotten it to work:
>
> (the set up is Samba as a member of an Active Directory run by Windows
> servers.)
>
> --------------
>
> 1. Pick an NT group that's been there since you installed Samba,
> and of which you are a member. I'll call it DOMAIN\Oldgroup.
>
> 2. Run "chgrp DOMAIN\\Oldgroup test" then "chmod g+w,o-w test"
>
> 3. Access the 'test' folder from Windows via Samba and observe you
> can create files in this folder, as you are a member of a group with
> write access.
>
> --------------
>
> 4. Either make a new NT group, or pick one that you're not a member
> of. I'll call it DOMAIN\Newgroup.
>
> 5. Run "chgrp DOMAIN\\Newgroup test"
>
> 6. Access the 'test' folder and observe that you can't write to the
> folder as you don't have access to it any more (since you're no longer a
> member of the group that has write access.)
>
> --------------
>
> 7. Go back and add yourself to DOMAIN\\Newgroup.
>
> 8. Run "getent group DOMAIN\\Newgroup" and observe that you're now a
> member of this group.
>
> 9. Access the 'test' folder again, but this time notice that you
> still can't write to the folder, even though you're a member of a group
> that *has* write access.
>
> --------------
>
> I can't for the life of me work out why Samba won't let me write to the
> share once I've added myself (or anyone else for that matter) to a
> group that was created after Samba was first run. It doesn't matter
> how long you leave it, Samba will never let you access the folder.
>
> Is anyone else able to do this?
>
> Thanks,
> Adam.
--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany
Phone: 49 (0)341 - 3550 137
More information about the samba
mailing list