[Samba] Domain Users group problem in winbind

Erwin Fritz efritz at glja.com
Tue Apr 16 07:45:02 GMT 2002

I'm running Samba 2.2.3a on Solaris 8, with winbind. I've managed to
configure it so that I don't need local users anymore; the NT domain users
can telnet in to the UNIX box without problem. Mounting Samba shares works
just fine as well.

One thing I've noticed is really turning out to be a stumbling block. If a
user telnets to a UNIX box using his NT domain account (DOMAIN+userid),
winbind appears to assign him the group DOMAIN+Domain Users. Now, if that
user tries to create a file, but DOMAIN+Domain Users doesn't have write
permission on the directory, the file creation fails.

For example, let's say that the user is in directory testdir. That
directory has an owner of DOMAIN+otheruser, a group of DOMAIN+somegroup,
and permissions of 775. Assume also that DOMAIN+userid is a member of

The user can't create files in that directory unless he uses the UNIX
'group' command to change his group to DOMAIN+somegroup. If I change the
permissions on the directory to 777, then any file created by the user gets
assigned a group of DOMAIN+Domain Users.

Am I missing something here? Has anyone encountered this?
Erwin Fritz
Gilbert Laustsen Jung Associates Ltd.

More information about the samba mailing list