[Samba] Group permissions and recursion

Jeremy Allison jra at samba.org
Tue Jun 27 20:16:04 GMT 2006

On Tue, Jun 27, 2006 at 10:49:04AM -0700, Rob Tanner wrote:
> Here's the problem, a member of 'CATNET\adm staff' cannot access a file 
> for which 'CATNET\adm' has r/w access (group:CATNET\134adm:rwx).  But if 
> I add 'CATNET\adm staff' even though 'CATNET\adm staff' is a member of 
> 'CATNET\adm', it works.  I thought this might be related to the smb.conf 
> parameter 'winbind nested groups', which I set to 'yes', but it made no 
> difference.  Any ideas?

Yes, that's got to be nested group evaluation not working
right. Try logging on as the specific user and then
calling the 'id' command to see what groups you're in.
They're the ones that winbindd is giving you (and the
same ones smbd will be using). From that you should be
able to start debugging why winbindd isn't giving the
full group list.


More information about the samba mailing list