[Samba] Can anyone get winbind to update group membership?

Michael Gasch gasch at eva.mpg.de
Wed Jan 18 11:23:31 GMT 2006 

hi,

i tried to reproduce your error in a NT domain style with samba 3.0.14a 
PDC (openldap backend) incl. a samba 3.0.20b fileserver

i tweaked winbind cache time to 60s and everything works as expected:
- a user, who is in a group that has write perms, can write
- remove user from this group -> user cannot write anymore
- add user again to this group -> user can write again

greez


Adam Nielsen wrote:
> Hi all,
> 
> Does this work for anyone out there?  I've never gotten it to work:
> 
> (the set up is Samba as a member of an Active Directory run by Windows
> servers.)
> 
> --------------
> 
>   1.  Pick an NT group that's been there since you installed Samba,
> and of which you are a member. I'll call it DOMAIN\Oldgroup.
> 
>   2.  Run "chgrp DOMAIN\\Oldgroup test" then "chmod g+w,o-w test"
> 
>   3.  Access the 'test' folder from Windows via Samba and observe you
> can create files in this folder, as you are a member of a group with
> write access.
> 
> --------------
> 
>   4.  Either make a new NT group, or pick one that you're not a member
> of.  I'll call it DOMAIN\Newgroup.
> 
>   5.  Run "chgrp DOMAIN\\Newgroup test"
> 
>   6.  Access the 'test' folder and observe that you can't write to the
> folder as you don't have access to it any more (since you're no longer a
> member of the group that has write access.)
> 
> --------------
> 
>   7.  Go back and add yourself to DOMAIN\\Newgroup.
> 
>   8.  Run "getent group DOMAIN\\Newgroup" and observe that you're now a
> member of this group.
> 
>   9.  Access the 'test' folder again, but this time notice that you
> still can't write to the folder, even though you're a member of a group
> that *has* write access.
> 
> --------------
> 
> I can't for the life of me work out why Samba won't let me write to the
> share once I've added myself (or anyone else for that matter) to a
> group that was created after Samba was first run.  It doesn't matter
> how long you leave it, Samba will never let you access the folder.
> 
> Is anyone else able to do this?
> 
> Thanks,
> Adam.


-- 
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137

More information about the samba mailing list