[Samba] Samba 3.0.13 security= ADS / Problem to access a share in auth_util.c ==> change of group not taken into account (supplementary groups)

Guy Le Gac guy.legac at ch-stbrieuc.fr
Wed Mar 30 14:14:59 GMT 2005

Excuse me, i am french....

My SAMBA v3.0.13 (over a linux Redhat 7.3.1 With kernel 2.4.27-4) is 
configured with " security = ADS " to communicate with Active directory 
(2003 server).

The problem : When i modify the group of a user in the Active directory, 
this modification is not completely taken into account in samba.
In fact the orders "getent" and "wbinfo" gives one resulted correct but 
the user cannot reach a share to which its group has right.

sample :

on Active directory : user=test => Primary group : Domain's users,
                      Supplementary groups : office
Domain name: GCA_CH22:

On samba server:

[root at nas02 log]# id GCA_CH22+test

uid=20037(GCA_CH22+test) gid=20014(GCA_CH22+Domain's users) 
groups=20014(GCA_CH22+Domain's users,20012(GCA_CH22+office)

Samba Trace with loglevel = 5:

  UNIX token of user 20037
  Primary group is 20014 and contains 2 supplementary groups
  Group[  0]: 20014
  Group[  1]: 20050   =====> !!!! OLD GROUP .... i don't see 20012 group 

installed packages : Kerberos, openldap-2.0.23-4, libacl 2.2.7


thank you for your assistance

Guy Le Gac

More information about the samba mailing list