Secondary groups not being honoured

[Gerald (Jerry) Carter]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Matthew Ridley wrote:

> I have noticed a wierd behaviour in the recent(3.0rc2+) releases
> 
> This ONLY applies when using winbind to propogate user information.
> (in a Win2k domain, using rpc not ads)

I've tried to reproduce this in case we neede to stop ship on 3.0.0 for 
it, but had no luck.  However, I think it might be a caching issue.
Can you stop winbindd, remove the netsamlogon_cache.tdb and restart 
winbindd and see if thatmakes a difference.

> If I set a directory to "rwx" access for a secondary group they are unable to 
> write to these directories via samba (they can read it, and the permissions 
> look correct under windows). If they log in via other means (using 
> pam_winbind etc) they can do as permissions allow.

There are several variants of this logged in bugzilla (226, 295, & 406).
Can you see if any match you environment?

Do you have 'winbind use default domain = yes' by any chance?  If so, 
have you tried disabling it?

> Can someone point me in the right direction of the source? I'll have a poke 
> around and try to track it down. I guess the code must be only checking the 
> primary group and not any secondary(winbind generated) ones.

Not that easy I'm afraid.  Try the above suggestions first and let me know.





cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/clWtIR7qMdg1EfYRApnYAJ9NVK8ZbTBGM5e15C01BaDju4YthgCeIwe2
83jRI6i339mQ2ZkjuiTQjKE=
=L7S6
-----END PGP SIGNATURE-----