NT Groups - ACL

FLASSE Damien DFlasse at ETUC.ORG
Mon Jul 15 14:31:02 GMT 2002

I'm just trying to integrate a SAMBA/Linux/XFS/winbind Box into a NT/2000 network. Everything is just fine but the NT group recognition: if a user is part of 2 groups (e.g. Domain users + domain admins), it looks like SAMBA only sees ONE default group (Domain Users) which is a trouble in term of administration: if a user belonging to Domain admin has Admin ACL on a file but domain user is denied on this file, the user is seen by SAMBA as 'Domain user' user. The result is that this user is denied evn if he is part of the domain admin group.

This is a very common situation and the real life is often even more complex. Is there any trick to get around this 'default group'. Why doesn't SAMBA dig deeper into user's groups?

More information about the samba-technical mailing list