[Samba] ACL on groups working half

[Trimble, Ronald D]

Is this an AD group?  If so, what type?

-----Original Message-----
From: samba-bounces+ronald.trimble=unisys.com at lists.samba.org
[mailto:samba-bounces+ronald.trimble=unisys.com at lists.samba.org] On
Behalf Of Tjaco Mast
Sent: Tuesday, March 28, 2006 10:57 AM
To: samba at lists.samba.org
Subject: [Samba] ACL on groups working half

Hi all Samba users,

For some I've got a Samba server running with the following config:
Debian Sarge 2.6.8 kernel
Samba 3.0.21 with winbind and LDAP as ADS member server
A W2K003 PDC
Samba's data partition is ext3 + ACL

I've migrated my users homedirs and profiledirs from W2K003 to Samba.
These each user owns his own homedir and has rwx------ permissions
This seems to be working excelent.

Then I made a groupshare open for everyone. The directory it points to 
is closed for all domain users.
No one can access this share.
As I add domain-user tjaco with rwx by ACL (useing 
share-properties-security in windows or setfacl on linux) tjaco has 
instant access to the share.

Now I add tjaco to group mygroup useing MMC (tjaco shows up as a 
groupmember of mygroup doing: getent group)
I remove tjaco from the ACL and add mygroup with rwx to ACL
Tjaco has NO access anymore

As I add group 'domain users' (which tjaco is a member of) with rwx to 
ACL tjaco has access again.

This keeps me baffeled for some weeks now.

Furthermore I recall haveing read something about the importance of the 
SYSTEM group that should be added to the ACL but I don't understand how.
SYSTEM is not a normal or builtin ADS group.

Who can help?
Thanks in advance, Tjaco
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba