[Samba] Very strange permissions issue with Samba 3.0.20(a/b)

Svend Sorensen ssorensen at gmail.com
Fri Nov 18 01:03:12 GMT 2005

On 11/15/05, Scrivner, Andrew <ascrivner at oppenheimerfunds.com> wrote:
>  I am running Samba 3.0.20a on RHEL 3 u5 x86, my configuration is working
> perfectly except for cvs commits for 3 users. We are using ADS, pam_winbind, and pam_require to authenticate CVS users against AD.
> Our CVS directories are mod 2775, and the group ownership of all dirs is
> the AD group "DEN-CVS-Users". Every valid user is a member of this group. But
> a few users, while they are able to authenticate, and checkout, cannot commit files to the depot. Their group membership is hosed up somehow. Everything is working perfectly except for these few troublemakers.
> The users can log into CVS, so their group membership is seen by winbind and passed to pam_require, but when it comes writing to a file with AD group
> ownership they are denied. It works for the rest of us though, so we're baffled. The files are all mod 664.
> This isn't a CVS issue, as I can login to our CVS server as an affected AD user and replicate the problem. For me, I can write to the depot just fine.
> My questions:
> 1. Is there a limit to the number of groups a user may be a member of ( The most so far is 48 groups ) that would cause winbind problems?
> 2. Are the any special characters within an AD group name that would break winbind?
> 3. Besides a user's SID, and group membership, what could be different between users ?

I ran across this problem.  See:


for my post and the relevant bug reports.  The bug has been closed,
and this should be fixed in the 3.0.21 release, however  I haven't
tested it.  If you do test any of the RCs, post your results.

>  This is our setup:
> <snip>

More information about the samba mailing list