[Samba] Samba no longer honoring secondary groups!

Roland Schwingel roland.schwingel at onevision.com
Mon May 2 11:01:07 UTC 2016


Out of sudden our samba file servers are no longer honoring secondary 
group membership.

I appears that the fileservers are no longer seeing groups.
When I do a 'net -U <domUser> rpc group list' on the PDC everything is 
fine. I can see all groups. When I do this on the fileservers I do not
receive anything.

We operate samba 4.3.9 both as classic PDC (for a couple of reason we 
cannot switch to AD) and as fileserver (domain members). Upgraded them
today due to the problems from 4.3.x to 4.3.9. All machines are running 
solely smbd/nmbd no winbind.

Today morning the fileservers which are joined domain members 
(security=DOMAIN) are denying write access to folders for users which
are members of secondary groups. Writing with primary membership is 
working. It is NOT a linux problem. When working directly on linux
(directly on the machine or via NFS) all is ok.

Operating on shares served by a domaincontroller (added some for 
testing) secondary groups are working.

Any ideas what could be wrong and how to fix it?

Thanks in advance,


More information about the samba mailing list