[Samba] Problems with group ACLs on a SAMBA server running in local mode

Todd Stecher tstecher at isilon.com
Thu Jan 12 18:49:16 GMT 2006

Here's a quick rundown of the behavior:


1)       SAMBA 3.0.9 server is running in local user mode 

2)       A new local UNIX group is added

3)       From a XP / W2003 client, attempts to add that group to ACLs on
the exported share fail - the group cannot be found through the explorer


I debugged this - the call to _samr_query_alias_info()  is failing.
Specifically, the call to pdb_get_aliasinfo() fails.  Debugging further,
this is because the group rid cannot be found in the tdb in
get_group_map_from_sid(), so the Windows client cannot resolve the name
from the RID.  


>From conversations with other developers here at Isilon, the local
groups are not automatically added to the tdb, and adding this
functionality could be risky due to collisions between GIDs/ RIDs/ and
SIDs.  My question to the list is there a hidden feature somewhere which
enables local unix groups to be added to the tdb?  I've been digging
through lists / documentation, but with no luck.


Thanks in advance,

Todd Stecher



More information about the samba mailing list