3.0a21 and HEAD: only primary group of a domain user is set on smbd
Chere Zhou
qzhou at isilon.com
Wed Mar 5 01:27:29 GMT 2003
Dear list,
I know that on 2.2.5, when we get user info from winbindd, we also initialize
group information based on the group list got from winbind, and do a
"setgroups" for the process, so that all of the groups the user is a member
of is set on the smbd.
Now on 3.0a21 and HEAD, I do not see any "setgroup" operation from winbind,
and the smbd process only got the primary group of the Win2k domain user. So
it fails when a file permission is checked for other groups the user is a
member of.
I can see that sec_ctx.c is about the only place that calls sys_setgroups
now, when the Unix group info has only the primary group. At the same place
the NT token has about 9 groups for my test user.
Can somebody explain why we are not doing what 2.2.5 was doing? Is there any
design issue related to this?
Thanks a lot!
Chere
More information about the samba-technical
mailing list