[Samba] NT_STATUS_NO_SUCH_GROUP

Tue Mar 30 02:51:23 MDT 2010

	I have an issue where a user cannot connect to a specific 
samba group. I've tried connecting directly from Windows, and via 
smbclient.

via smbclient I get
smbclient '\\SERVER NAME\Skin_FTP' -U username
Password:
Domain=[EP] OS=[Unix] Server=[Samba 3.2.5]
tree connect failed: NT_STATUS_NO_SUCH_GROUP

Yet an apparently mostly identical share seems to work fine

  smbclient '\\SERVER NAME\Queen_FTP' -U username
Password:
Domain=[EP] OS=[Unix] Server=[Samba 3.2.5]
smb: \>

The two shares seem pretty much the same
[Queen_FTP]
         valid users = @royal
         writeable = yes
         create mode = 775
         path = /home/royal
         force group = royal
         directory mode = 775

[Skin_FTP]
         writeable = yes
         valid users = @skin
         create mode = 775
         path = /home/skin
         force group = skin
         directory mode = 775

both groups are Samba Domain groups, that correspond to a local unix 
group with the same name. Both local unix groups seem to exist, and I 
can't see any significant differences between the two.

So, any suggestions for how to go about debugging this one?

I've double checked unix group details, restarted winbind in the 
hopes this would force a group cache rebuild, double checked 
everything I can find - and I still have no idea why one group works, 
another does not.
getent group royal and getent group skin both return apparently valid 
unix group file entries
eg royal:x:1024: a bunch of usernames

Thanks in advance

	David

PS relevant parts of smb.conf
-------------------
[global]
	load printers = yes
	socket options = TCP_NODELAY
	domain master = yes
	preferred master = yes
	domain logons = yes
	encrypt passwords = true
	public = yes
	allow hosts = 10.0.50.0/255.255.0.0
	wins support = true
	netbios name = SERVERNAME
	server string = File & Print Server
	printing = cups
	default = global
	unix password sync = yes
	local master = yes
	workgroup = EP
	os level = 65
	username map = /etc/samba/smbusers

[global]
	log file = /var/log/samba/smb.log
	dns proxy = no
	netbios name = Servername
	server string = %h (Samba %v)
	passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n
	invalid users = root
	socket options = TCP_NODELAY
	obey pam restrictions = yes
	workgroup = EP
	encrypt passwords = true
	syslog = 0
	passwd program = /usr/bin/passwd %u
	max log size = 1000
	smb ports = 139
	veto files = 
/:2eFBCLockFolder/.FBCLockFolder/:2eFBCIndex/.FBCIndex/:2eDS_Store/.DS_Store/TheVolumeSettingsFolder?/TheFindByContentFolder?/Temporary 
Items/Network Trash 
Folder/.AppleDB/:2eVolumeIcon.icns/.VolumeIcon?.icns/Icon?/.AppleDouble?/.AppleDesktop?/desktop.ini/RECYCLER/ 
delete veto files = Yes
	map to guest = bad user

#needed for domain logons
comment = Network Logon Service
path = /var/lib/samba/netlogon
admin users = root
guest ok = Yes
browseable = Yes
#[homes]
#   comment = Home Directories
#   browseable = yes

# By default, the home directories are exported read-only. Change next
# parameter to 'yes' if you want to be able to write to them.
    writable = yes

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
    create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
    directory mask = 0700