[Samba] 3.0.11 groupmapping 'feature'

Theron Toomey ttoomey at duke.edu
Mon Mar 7 18:11:21 GMT 2005

After upgrading our samba DC from 3.0.10 to 3.0.11, we have been 
experiencing problems with groupmapping. In 3.0.10, we had to explicitly 
map our Unix groups (local or NIS) to NT groups with a 'net groupmap 
add' command.

However, in 3.0.11, all our Unix groups are mapped automagically. 
Although they do not show up with a 'net groupmap list' on the DC, our 
clients can see them: 'net user myusername /domain' shows all the Unix 
groups on the DC.

Looking more closely at the release notes, this might be the relevant 
o   Volker Lendecke
     * Unify the means of localtaing a user's global groups on a
       Samba DC.

This is a major problem for us. Since windows applies the most 
restrictive permission set, files that are not group writable suddenly 
become read-only, even if the owner has write access. This is because 
the owner of a file is also a member of the file's group.

This was never a problem for us prior 3.0.10 since most of our groups 
were not in the groupmap. If possible, I'd love to go back to the 
pre-3.0.11 behavior for groupmapping, rather than change the permissions 
on all our data.

I have looked through docs/man pages and can't find a way to change 
this. Anyone have an idea?

Thanks for your help.

Theron Toomey, System Administrator
NSEES-IT (919-613-8148)

More information about the samba mailing list