[Samba] Samba no longer honoring secondary groups!

Roland Schwingel roland.schwingel at onevision.com
Mon May 2 11:01:07 UTC 2016


Hi...

Out of sudden our samba file servers are no longer honoring secondary 
group membership.

I appears that the fileservers are no longer seeing groups.
When I do a 'net -U <domUser> rpc group list' on the PDC everything is 
fine. I can see all groups. When I do this on the fileservers I do not
receive anything.

We operate samba 4.3.9 both as classic PDC (for a couple of reason we 
cannot switch to AD) and as fileserver (domain members). Upgraded them
today due to the problems from 4.3.x to 4.3.9. All machines are running 
solely smbd/nmbd no winbind.

Today morning the fileservers which are joined domain members 
(security=DOMAIN) are denying write access to folders for users which
are members of secondary groups. Writing with primary membership is 
working. It is NOT a linux problem. When working directly on linux
(directly on the machine or via NFS) all is ok.

Operating on shares served by a domaincontroller (added some for 
testing) secondary groups are working.

Any ideas what could be wrong and how to fix it?

Thanks in advance,

Roland






More information about the samba mailing list