[Samba] Change in group membership behavior?

john.nelson at teradyne.com john.nelson at teradyne.com
Fri Oct 26 13:48:52 GMT 2007

Maybe this is old news, but we've just upgraded from Samba 3.0.7-1.3E.1 on 
Redhat Linux 3 to 3.0.10-1.4E.11 on Redhat Linux 4, and we're seeing a 
significant change in behavior that has broken our environment.

We use "security=domain".  With the earlier version of Samba, we were 
relying on the fact that Samba would get the list of groups from the 
mapped unix account (after authenticating a domain user).  Now, it seems 
to be trying to map the Windows domain account groups (and in particular, 
the primary group).

For example, users who have a primary group of "Domain Users" are now 
failing to create new files (with the group  "OURDOMAIN\Domain Users"), 
when before, they could create files owned by the unix account's primary 
group.  We don't support a unix group "Domain Users", and this isn't the 
group owner of the directory we are trying to modify.

Is this a known change in Samba behavior?  Is there any way to revert to 
the old behavior (use the unix account's groups)?

   - john nelson

More information about the samba mailing list