[Samba] Using write list with winbind

Wayne Johnson wjohnson at mqsoftware.com
Tue Sep 25 13:29:55 GMT 2007

I'm a bit confused.  We're a hybrid shop with servers of many flavors and many PC workstations.  We've set samba up with security=adm.  User access is authenticated by our ADS system.  
We recently migrated to a new samba server.  The Samba domain was properly joined to the domain and everything seemed to be working fine.  We had a share on the old server like this:
   comment = Common ground for developers
   path = /common
   public = yes
   read only = yes
   write list = @developers, at support, at qa,devbuild
   create mask = 02775

This basically gave our R&D group write access to the share and read-only to everyone else.  We migrated this directly to the new server but none of the users on the new server could get write access as the write list parameter should have done.
Turns out that when we installed the new samba, we had started winbind.  After about 8 hours of scratching our heads (and other parts) we found that by turning winbindd off, that proper write access to these shares would come back.
My question is why the write list didn't seem to work while winbind was running?  Should the write list had domain user type names (i.e. MQSOFTWARE\developers)?
Thanks in advance.

Wayne Johnson 
Senior Software Engineer 
MQSoftware, Inc. 
1660 S Highway 100 
Minneapolis, MN 55416 
(952) 345-8628 


More information about the samba mailing list