[Samba] 3.6 member to 2008 AD, winbind integration, users sometimes lose group membership
jrharris19 at yahoo.com
Wed Feb 19 18:55:24 MST 2014
We've had linux fileservers in our org for a long time and this roughly
coincided with version 3.6.
Our linux member servers are winbound, filesystems are ext2+ with acl
support and permissions assigned to AD groups via setfacl.
At any given time, out of all the users that use the fileshares daily
there are about 1-2 that get "access denied" by the client os (win xp, 7
I can log into the linux host, su into the denied account, and verify
that it is denied locally too, so the issue is not with smb share, but
with winbind/ad/filesystem acl.
id and getent will show that the group membership of the denied user is
"missing" some groups, namely the ones that are needed to access the
directory in question. After checking with other accounts it seems like
samba loses group enumeration more commonly. Only by luck are the bulk
of users successfully able to access the files they need to.
Upon further examination, it seems as though it is random; 100 servers
with the same exact config file (save for server name) will all do
groups correctly except for one. After a month, it will change and
another server will misbehave while the first will "fix" itself.
Is this the correct forum to ask for help? If not, where can I go?
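
Added example, not part of the original post: one way to spot the server that has dropped groups for a user is to collect `id <user>` output from every member server and compare each host against what the majority reports. The host names, user and group names below are constructed, and treating the majority view as the baseline is an assumption that fits the "all correct except one" pattern described above.

```python
import re
from collections import Counter

# Constructed sample: `id jdoe` output collected from three member servers.
SAMPLE = {
    "fs01": "uid=10001(jdoe) gid=10000(domain users) "
            "groups=10000(domain users),10010(finance),10011(projects)",
    "fs02": "uid=10001(jdoe) gid=10000(domain users) "
            "groups=10000(domain users)",
    "fs03": "uid=10001(jdoe) gid=10000(domain users) "
            "groups=10000(domain users),10010(finance),10011(projects)",
}

# One "gid(name)" entry; AD group names may contain spaces.
ENTRY = re.compile(r"(\d+)\(([^)]*)\)")


def parse_groups(id_line):
    """Return the set of group names in the groups= field of `id` output."""
    _, sep, groups_field = id_line.partition(" groups=")
    if not sep:
        raise ValueError("no groups= field in id output")
    return {name for _gid, name in ENTRY.findall(groups_field)}


def missing_by_host(id_by_host):
    """Map host -> groups most hosts report for the user but this host lacks."""
    parsed = {host: parse_groups(line) for host, line in id_by_host.items()}
    counts = Counter(g for groups in parsed.values() for g in groups)
    quorum = len(parsed) // 2 + 1  # assumption: the majority view is correct
    baseline = {g for g, n in counts.items() if n >= quorum}
    return {
        host: sorted(baseline - groups)
        for host, groups in parsed.items()
        if baseline - groups
    }


if __name__ == "__main__":
    for host, groups in missing_by_host(SAMPLE).items():
        print(f"{host}: missing {', '.join(groups)}")
```

Run on a schedule for a few known accounts, this gives a timestamped record of which server lost which groups and when it recovered.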