[Samba] Samba Secondary Groups

grant little grantliddle at gmail.com
Mon Apr 19 12:11:57 MDT 2010


I had that problem with Samba 3.4.X on Ubuntu 9.10; the only way I could
get it to work was to use 777 folder permissions as you describe. The fix
for me was to go to Samba 3.5.X, which fixed that and several other problems
like not being able to log in to Samba from OS X.
I tried the same on a CentOS 5.4 install as well, and it works for Samba
3.0.33 with 770 folder permissions. Maybe a Samba upgrade might fix what
ails you, but be careful what you upgrade to...


On Sun, Apr 18, 2010 at 10:19 PM, David van Laatum <david at vanlaatum.id.au> wrote:

> This has been bugging me for years, but I never got around to spending a lot
> of time on it until I now want/need to use it for work stuff.
>
> Problem is simple: I get access denied when trying to create a file in a
> directory that is not owned by me or my primary group that doesn't have
> world writable permissions. I've also had similar issues with NFS mounts
> where I can't move/create/delete files via NFS, but it works fine if I do it
> on the local machine even though I am the same user in the same groups. All
> relevant info I can think of follows; let me know if anything else is
> needed. I spent all morning looking for an answer but only found hints of
> similar but not applicable problems.
>
> [14:14:36 root at adl-nas-01 filestore]# smbd -V
> Version 3.2.5
> [14:28:42 root at adl-nas-01 filestore]# uname -a
> Linux adl-nas-01 2.6.26-2-amd64 #1 SMP Tue Mar 9 22:29:32 UTC 2010 x86_64
> GNU/Linux
> [14:28:42 root at adl-nas-01 filestore]# cat /etc/debian_version
> 5.0.4
>
> [global]
>   security = ads
>   workgroup = VALEX
>   server string = File Store
>   realm = VALEX.LOCAL
>   password server = ldap.valex.local
>   wins server = 172.16.0.150
>   dns proxy = no
>   log file = /var/log/samba/log.%m
>   max log size = 100
>   log level = 3
>   syslog = 1
>   panic action = /usr/share/samba/panic-action %d
>   encrypt passwords = yes
>   printing = bsd
>   printcap name = /etc/printcap
>   idmap backend = ad
>   passdb backend = tdbsam
>   idmap uid = 100-90000
>   idmap gid = 100-900000
>   winbind cache time = 300
>   winbind nss info = rfc2307
>   winbind enum groups = yes
>   winbind enum users = yes
>   winbind use default domain = yes
>   winbind separator = /
>   winbind nested groups = yes
>   template homedir = /home/%U/homedir
>   template shell = /bin/bash
>   debug uid = yes
>
> [Accounts]
>  comment = Accounts Stuff
>  path = /filestore/accounts
>  guest ok = no
>  browseable = yes
> ;  valid users = @VALEX/vxAccounts @VALEX/vxSystems
>  create mask = 0660
>  directory mask = 0770
>  fstype = EXT3
> ;  force group = +@VALEX/vxAccounts
>
> [14:32:58 root at adl-nas-01 filestore]# id dvanlaatum
> uid=10440(dvanlaatum) gid=20000(vxsystems)
> groups=20000(vxsystems),20002(domain admins),20003(domain
> users),20001(vxallusers),5006(BUILTIN/administrators),5007(BUILTIN/users)
>
> [14:35:02 root at adl-nas-01 filestore]# ls -ald /filestore/accounts/
> drwxrwxr-x 3 root vxallusers 4096 2010-04-19 11:32 /filestore/accounts/
>
> [14:37:54 david at L00018 ~]# smbclient -U dvanlaatum //adl-nas-01/Accounts
> Password:
> Domain=[VALEX] OS=[Unix] Server=[Samba 3.2.5]
> smb: \> mkdir test
> NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \test
>
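As an added example (not code from either poster or from the Samba project), the following Python sketch takes the `id` and `ls -ald` output quoted above and works out what the POSIX mode bits alone would allow, once with every supplementary group and once with only the primary group. The function names are hypothetical, and it assumes a non-root user, no ACLs, and says nothing about Samba's own share-level settings.

```python
import re

# Copied from the quoted post; the wrapped `id` output is re-joined onto one line.
ID_OUTPUT = ("uid=10440(dvanlaatum) gid=20000(vxsystems) "
             "groups=20000(vxsystems),20002(domain admins),20003(domain users),"
             "20001(vxallusers),5006(BUILTIN/administrators),5007(BUILTIN/users)")
LS_LINE = "drwxrwxr-x 3 root vxallusers 4096 2010-04-19 11:32 /filestore/accounts/"

def parse_id(text):
    """Return (user, primary_group, all_group_names) from one line of `id` output."""
    user = re.search(r"uid=\d+\(([^)]*)\)", text).group(1)
    primary = re.search(r"gid=\d+\(([^)]*)\)", text).group(1)
    groups_field = re.search(r"groups=(.*)$", text).group(1)
    # Group names may contain spaces or slashes ("domain admins", "BUILTIN/users").
    groups = set(re.findall(r"\d+\(([^)]*)\)", groups_field))
    return user, primary, groups | {primary}

def parse_ls(line):
    """Return (mode_string, owner, group) from one `ls -ld` line."""
    mode, _links, owner, group = line.split()[:4]
    return mode, owner, group

def can_create(user, groups, mode, owner, group):
    """POSIX class selection: exactly one of owner/group/other applies.
    Creating an entry in a directory needs both write and search (x) bits."""
    if user == owner:
        bits = mode[1:4]
    elif group in groups:
        bits = mode[4:7]
    else:
        bits = mode[7:10]
    return bits[1] == "w" and bits[2] in "xst"

def diagnose(id_text, ls_line):
    user, primary, groups = parse_id(id_text)
    mode, owner, group = parse_ls(ls_line)
    full = can_create(user, groups, mode, owner, group)
    primary_only = can_create(user, {primary}, mode, owner, group)
    return {"all_groups": full,
            "primary_only": primary_only,
            "depends_on_secondary_group": full and not primary_only}

if __name__ == "__main__":
    print(diagnose(ID_OUTPUT, LS_LINE))
```

When `depends_on_secondary_group` is true, the mode bits permit the write only if the server process carries the user's full supplementary group list, which is the situation where a 777 workaround hides the underlying fault.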

