[Samba] Group permission problems with winbind & NFS

simo idra at samba.org
Thu May 3 13:30:32 GMT 2007

On Mon, 2007-04-30 at 23:35 -0500, Don Meyer wrote:
> This system NFS mounts the remote file storage resource on a backend 
> RHEL4 server.   The public facing web frontends also mount these same 
> resources.   Here is where things get hinky -- some users can write 
> to the directories on the NFS mount, and some cannot.   If the 
> directory in question is owned by the user, then no problems 
> writing.   If not, but the directory's owning group contains the user 
> as a member, then only sometimes can the user add/change/remove files 
> in the directory.

First, re-exporting NFS mounts via samba is really not a good practice,
and we usually discourage it completely.

> I also thought it might have something to do with nested groups, but 
> even simple groups with only users as members exhibit the failure 
> over NFS.   I have had the thought that it could be the length of 
> some of the groupnames, as some of them are pretty long:  the longest 
> is 64 bytes.  The one I did most testing with is only 10 bytes long, however.

The NFS protocol limits the number of groups per user to 16 and truncate
all others, so you are not really able to tell the server you are in
group #17 or #18 and so on. I am 99.9% sure this is the problem you are

That's why approximately you can have it working with older groups as
they are probably just reported first and result in the first 16.


Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org

More information about the samba mailing list