[Samba] Users loose supplementary groups after a time

Rowland penny rpenny at samba.org
Thu May 14 18:32:27 UTC 2020

On 14/05/2020 18:46, Orion Poplawski via samba wrote:
> All -
>    I seem to be suffering from the common complaint that users loose
> supplementary group access after a while - in our case it seems to be
> connections left overnight.  Restarting smb fixes it.  I haven't been able to
> determine the cause.
> though I think that is to be expected at this point as we are not using
> winbind idmapping to map AD users, but rather we have an IPA - AD trust and so
> have local unix users already.
Yes, but is winbind running ?
> Server is Scientific Linux release 7.8
> samba-4.10.4-10.el7.x86_64
>          workgroup = DOMAIN
>          security = ads
>          realm = AD.DOMAIN
> # Workaround unix group issue (https://bugzilla.samba.org/show_bug.cgi?id=10618)
>          username map script = /bin/echo
> Is the above now causing more issues?
I think it is what isn't there that is the problem
> Recent changes that I can think of are then 7.8 update and configuring AD
> sites.  Though I think this problem has likely been occurring for a long time
> - but for some reason we are seeing more connections left overnight.

You do not say what you upgraded from, but 7.8 will now mean you have a 
Samba version >= 4.8.0 and from Samba 4.8.0 you need to run winbind if 
you have 'security = ADS' in smb.conf. This also means you need the 
'idmap config' lines as well, which means you cannot have the same users 
in /etc/passwd.


More information about the samba mailing list