Secondary groups not being honoured

Gerald (Jerry) Carter jerry at
Thu Sep 25 02:40:45 GMT 2003

Hash: SHA1

Matthew Ridley wrote:

> I have noticed a wierd behaviour in the recent(3.0rc2+) releases
> This ONLY applies when using winbind to propogate user information.
> (in a Win2k domain, using rpc not ads)

I've tried to reproduce this in case we neede to stop ship on 3.0.0 for 
it, but had no luck.  However, I think it might be a caching issue.
Can you stop winbindd, remove the netsamlogon_cache.tdb and restart 
winbindd and see if thatmakes a difference.

> If I set a directory to "rwx" access for a secondary group they are unable to 
> write to these directories via samba (they can read it, and the permissions 
> look correct under windows). If they log in via other means (using 
> pam_winbind etc) they can do as permissions allow.

There are several variants of this logged in bugzilla (226, 295, & 406).
Can you see if any match you environment?

Do you have 'winbind use default domain = yes' by any chance?  If so, 
have you tried disabling it?

> Can someone point me in the right direction of the source? I'll have a poke 
> around and try to track it down. I guess the code must be only checking the 
> primary group and not any secondary(winbind generated) ones.

Not that easy I'm afraid.  Try the above suggestions first and let me know.

cheers, jerry
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


More information about the samba-technical mailing list