[Samba] Samba 4 with sssd - primary Windows group membership not honored

Joseph Dickson jdickson at evolvetsi.com
Wed Mar 23 20:51:15 UTC 2016


>
> Can you check if this file exists:
> /usr/local/samba/lib/security/pam_winbind.so


For historical reasons, I used a prefix of /opt/samba when I compiled:

[root at smbfs1 shares]# ls -al /opt/samba/lib/security/pam_winbind.so
-rwxr-xr-x 1 root root 63837 Mar 17 19:54
/opt/samba/lib/security/pam_winbind.so

relevant config lines in case they are helpful:
[global]
lock directory = /srv/fs_main/var/lock
state directory = /srv/fs_main/var/state
cache directory = /var/lib/samba/cache
private dir = /srv/fs_main/var/priv
vfs objects = acl_xattr
inherit acls = yes
map acl inherit = yes
hide dot files = no
winbind enum users = yes
winbind enum groups = yes

workgroup = EVOLVETSI
server string = smbfs cluster
netbios name = SMBFS

map archive = no
map hidden = no
map read only = no
map system = no
store dos attributes = yes

[test]
        path = /srv/fs_main/shares/test
        read only = no


and outputs from the test dir:

[root at smbfs1 shares]# ls -ald test
drwxrwx---+ 2 root domain admins at Evolvetsi.local 6 Mar 23 16:48 test

[root at smbfs1 shares]# getfacl test
# file: test
# owner: root
# group: domain\040admins at Evolvetsi.local
user::rwx
group::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins at Evolvetsi.local:rwx
default:mask::rwx
default:other::r-x

Thanks!

--
*Joseph Dickson*
Director of IT Systems, Evolve Tele-Services, Inc.


More information about the samba mailing list