[Samba] Samba no longer honoring secondary groups!
Roland Schwingel
roland.schwingel at onevision.com
Mon May 2 11:01:07 UTC 2016
Hi...
Out of sudden our samba file servers are no longer honoring secondary
group membership.
I appears that the fileservers are no longer seeing groups.
When I do a 'net -U <domUser> rpc group list' on the PDC everything is
fine. I can see all groups. When I do this on the fileservers I do not
receive anything.
We operate samba 4.3.9 both as classic PDC (for a couple of reason we
cannot switch to AD) and as fileserver (domain members). Upgraded them
today due to the problems from 4.3.x to 4.3.9. All machines are running
solely smbd/nmbd no winbind.
Today morning the fileservers which are joined domain members
(security=DOMAIN) are denying write access to folders for users which
are members of secondary groups. Writing with primary membership is
working. It is NOT a linux problem. When working directly on linux
(directly on the machine or via NFS) all is ok.
Operating on shares served by a domaincontroller (added some for
testing) secondary groups are working.
Any ideas what could be wrong and how to fix it?
Thanks in advance,
Roland
More information about the samba
mailing list