[Samba] new group memberships not receognized

Daulton Theodore daulton_theodore at carleton.ca
Tue Nov 24 12:34:07 MST 2009 

Hi all! 

I have a peculiar problem. I am running samba 3.0.23a on a solaris 9 box. I
am attempting to create a create a folder on a share and restrict access to 
a selected number of staff members. I created a new group named libssc with
gid 2013. I then created the folder named SSC belonging to the group libssc 
and with permissions 770. When I attempt save a file to the folder I get the
error message 'I:\SSC is not accessible. Access is denied.'

Looking through the log file I notice the group 2013 is not being listed as 
one of my supplementary groups. Has anyone encountered this before? I have 
done this procedure several time in the past but I am encountering problems 
this time around.

Here are some excerpts from the log file:

  params.c:pm_process() - Processing configuration file "/usr/local/samba3/lib/smb.conf"
[2009/11/24 13:56:42, 3] param/loadparm.c:do_section(3687)
  Processing section "[globals]"
[2009/11/24 13:56:42, 5] lib/debug.c:debug_dump_status(391)
  INFO: Current debug levels:
    all: True/5
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
    locking: False/0
    msdfs: False/0
    dmapi: False/0
  doing parameter syslog = 2
  doing parameter log file = /usr/local/samba3/var/log.%m:%U:%I
  doing parameter max log size = 2000
  doing parameter debug timestamp = yes
  doing parameter printing = SYSV
  doing parameter load printers = yes
  doing parameter lprm command = cancel %p-%j
  doing parameter use client driver = yes
[2009/11/24 13:56:42, 2] param/loadparm.c:do_section(3704)

<SNIP>
<the I: drive where I am the folder exists>
[2009/11/24 13:56:42, 2] param/loadparm.c:do_section(3704)
  Processing section "[deptshr]"
  doing parameter comment = %g Shared Directory
  doing parameter path = /files1/user/%g/common
  doing parameter read only = no
  doing parameter create mask = 0770
  doing parameter force create mode = 0770
  doing parameter directory mask = 0770
  doing parameter writable = yes
  doing parameter browseable = yes
  doing parameter invalid users = +circdesk

<SNIP>

[2009/11/24 13:56:43, 5] auth/auth_util.c:debug_nt_user_token(455)
  NT user token of user S-1-22-1-2223
  contains 20 SIDs
  SID[  0]: S-1-22-1-2223
  SID[  1]: S-1-5-21-2267612611-771306602-3073650580-3043
  SID[  2]: S-1-1-0
  SID[  3]: S-1-5-2
  SID[  4]: S-1-5-11
  SID[  5]: S-1-5-21-2267612611-771306602-3073650580-3001
  SID[  6]: S-1-5-21-2267612611-771306602-3073650580-3003
  SID[  7]: S-1-5-21-2267612611-771306602-3073650580-3011
  SID[  8]: S-1-5-21-2267612611-771306602-3073650580-3013
  SID[  9]: S-1-5-21-2267612611-771306602-3073650580-3017
  SID[ 10]: S-1-5-21-2267612611-771306602-3073650580-3025
  SID[ 11]: S-1-5-21-2267612611-771306602-3073650580-3037
  SID[ 12]: S-1-5-21-2267612611-771306602-3073650580-3041
  SID[ 13]: S-1-5-21-2267612611-771306602-3073650580-3045
  SID[ 14]: S-1-5-21-2267612611-771306602-3073650580-3047
  SID[ 15]: S-1-5-21-2267612611-771306602-3073650580-3051
  SID[ 16]: S-1-5-21-2267612611-771306602-3073650580-3053
  SID[ 17]: S-1-5-21-2267612611-771306602-3073650580-5011
  SID[ 18]: S-1-5-21-2267612611-771306602-3073650580-5021
  SID[ 19]: S-1-5-21-2267612611-771306602-3073650580-3039
  SE_PRIV  0x0 0x0 0x0 0x0
[2009/11/24 13:56:43, 5] auth/auth_util.c:debug_unix_user_token(475)
  UNIX token of user 2223
  Primary group is 1021 and contains 16 supplementary groups
  Group[  0]: 1021
  Group[  1]: 1000
  Group[  2]: 1001
  Group[  3]: 1005
  Group[  4]: 1006
  Group[  5]: 1008
  Group[  6]: 1012
  Group[  7]: 1018
  Group[  8]: 1020
  Group[  9]: 1022
  Group[ 10]: 1023
  Group[ 11]: 1025
  Group[ 12]: 1026
  Group[ 13]: 2005
  Group[ 14]: 2010
  Group[ 15]: 1019
[2009/11/24 13:56:43, 5] smbd/uid.c:change_to_user(260)
  change_to_user uid=(0,2223) gid=(0,1021)
[2009/11/24 13:56:43, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/11/24 13:56:43, 5] auth/auth_util.c:debug_nt_user_token(449)
  NT user token: (NULL)
[2009/11/24 13:56:43, 5] auth/auth_util.c:debug_unix_user_token(475)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2009/11/24 13:56:43, 5] smbd/uid.c:change_to_root_user(275)


Thanks in advance for any help.
-- 
----------------------------------- 0 ------------------------------------
Daulton Theodore                  </\    Tel: 613-520-2600 ext. 8352
Carleton University Library       _\\    Fax: 613-520-2750            
Systems Department                `/     Net: Daulton_Theodore at carleton.ca
---------------------------------- ` -------------------------------------

More information about the samba mailing list