Secondary groups not being honoured

Matthew Ridley m.ridley at
Wed Sep 24 07:38:26 GMT 2003


I have noticed a wierd behaviour in the recent(3.0rc2+) releases

This ONLY applies when using winbind to propogate user information.
(in a Win2k domain, using rpc not ads)

If I set a directory to "rwx" access for a secondary group they are unable to 
write to these directories via samba (they can read it, and the permissions 
look correct under windows). If they log in via other means (using 
pam_winbind etc) they can do as permissions allow.

If a particular directory is set to "rwx" for their primary group all is well 
in both windows and unix..

If a local group is created in /etc/group and the winbind enumerated user 
added to it, write access works for both access methods.

With or without ACL support in the O/S has no effect.

Can someone point me in the right direction of the source? I'll have a poke 
around and try to track it down. I guess the code must be only checking the 
primary group and not any secondary(winbind generated) ones.


More information about the samba-technical mailing list