[Samba] Samba ignores groups for ACL !

Neuwald, Björn Neuwald at medianet.freinet.de
Tue Sep 26 12:25:38 GMT 2006 

Hello, i hope u guys can help me.
This is the first time I write to the list. Sorry about my english...

i got a solaris 10 machine and installed "samba 3.0.2.3c" with "openldap 2.3.2.1" , "openssl 0.9.8" and "gcc 3.4.6".
 
i configured kerberos and all the other things. all good.
 
i added the samba-server (solaris10) to a active directory domain.
with "kinit ...." and then "net ads join" and so on.
all worked good.
 
then i configured my smb.conf via swat-websoncole.
i created a share that was named "all".
i added in swat to the "valid users"-option the AD-Group "MyDomain\group_alpha".
 
After this i mounted the share on my Windows-Xp machine. 
The user on the WindowsXP MAchine is in the Group "MyDomain\group_alpha".
all good.
 
i can access an create folders .....
 
Now i created on my solaris-machine in my Samba-Share-folder "all" 2 Folders.
Folders:            Permissions      Owner        Acl
1. "folderA" with rwxrwx---     root  root    group: group_beta:rwx
2. "folderB" with rwxrwx---     root  root    group: group_gama:rwx
 
after this i added via "setfacl -m g:MyDomain\\group_beta:rwx folder_a" the group "group_beta" to the first folder.
The Same i did with the folder "folderB", i added the group "group_gama" (rwx).
 
Now, i am at the windows machine, my user "winuser" mountet the Samba Share.
So, "winuser" is a member of the valid share user group "group_alpha", all AD-users are members of this group.
On the two other folders in the share i added permissions for two other groups.
So, i as "winuser" should have rights to read,write,execute the "folderA", because "winuser" is a also a member of "group_beta" but i dont have permissions for "folderB".
 
my Problem is now that i can not enter and "folderA" and "folderB"!
(windows-prompt : i dont have permissions for this..)
 
The same scenario with adding "users" directly without "group" is working.
 
So i think that samba ignores my supplementary groups for acl!!!
 
i googel'ed a lot for  this problem, but no solution.
 
Help me ;)
 
 
 
Ciao, Björn

More information about the samba mailing list