[Samba] winbind + nested groups in ssh = permission denied

Adam Nielsen adam.nielsen at uq.edu.au
Thu Jan 19 23:38:31 GMT 2006

> so that anyone that is a member of one of the 4 groups should be able
> to create new files in the /data/workpapers directory.
> Getent group shows members of all groups, except the workpaper admins
> group

You'll find that "getent group" doesn't list users within nested
groups, but Samba should pick up nested groups and obey them with
regard to filesystem permissions.

> Now the strange thing is, some members of the 4 groups can create new
> files in that folder, and some get permission denied.
> I can't find a pattern.

When did you add the users to these groups?  I have to completely shut
down Samba and restart before any group changes are recognised, so if
you added some users to this group after you started Samba that could
explain why.

Also make sure "getent group" works for all of the subgroups.

I assume you have "winbind nested groups = yes" in smb.conf?


More information about the samba mailing list