[Samba] Samba Permissions

[Baird, Josh]

Hi,

I have a case where I only want to restrict access to SMB shares via filesystem permissions (and POSIX ACLs).  Therefore, I do not want Samba to verify security in any way at the SMB level.  If the filesystem/ACL permissions allow access to the shared directory, so should Samba.  If the filesystem does not allow access to the filesystem, Samba should deny as well.

I thought I had this working correctly, but sometimes it randomly breaks.  Here is an example of a share's configuration:

[testshare]
  comment = Test Share
  path = /test/testshare
  writeable = yes
  create mask = 770
  directory mask = 770

if the share's directory has the following permissions:

drwxrwx--- 2 root       DOMAIN\testgroup 4096 Dec  7 14:54 testshare

Then, anyone in the "DOMAIN\testgroup" should have read/write access to the share, correct?  Instead, when I try to access the share, I get prompted for credentials, and then get denied.  The following error is displayed in SMB logs:

==> /var/log/samba/__ffff_172.26.103.175.log <==
[2012/12/07 14:57:18.622794,  1] auth/auth_util.c:848(create_token_from_username)
  lookup_name_smbconf for DOMAIN\testuser failed

DOMAIN\testuser is a member of DOMAIN\testgroup.

Any help would be greatly appreciated!

Thanks,

Josh