[Samba] Samba not get updated list of user group membership

Tobias Hachmer t.hachmer at s-v.de
Thu Jan 4 10:23:50 UTC 2024


Hello and a Happy New Year to all,

we have a Samba 3-Node CTDB Cluster running Standalone Samba with LDAP 
Backend.

Samba Version: 99:4.18.9-9debian11
OS: Debian 11

Since a quite of time samba doesn't get the updated group list for a 
user. We add a user to an existing LDAP Group to grant access to an 
existing share. The passwd database gets updated via nslcd, but samba 
doesn't show all groups. Here's an example:

Samba Log when the new user added to the group want to access the share:
---
Jan 04 11:09:12 smb-002 smbd[1269695]: [2024/01/04 11:09:12.924665,  0] 
../../source3/smbd/smb2_service.c:117(chdir_current_service)
Jan 04 11:09:12 smb-002 smbd[1269695]:   chdir_current_service: 
vfs_ChDir(/srv/samba/shares/EXAMPLE_SHARE) failed: Permission denied. 
Current token: uid=38923, gid=20000, 12 groups: 2086 2235 2241 2289 2332 
2552 5505 5585 5619 5625 27 2117
---

If I run id with the uid number I get all groups, which are more than 
samba shows in the log:
---
~# id 38923
uid=38923(xxx) gid=20000(xxx) 
groups=27(xxx),2086(xxx),2117(xxx),2235(xxx),2241(xxx),2289(xxx),2332(xxx),2552(xxx),5505(xxx),5585(xxx),5587(xxx),5619(xxx),5625(xxx),20000(xxx)
---

The group id in question is "5587", which is shown by id but not in the 
samba log.

Our configuration is here: https://pastebin.com/NUQHLqrT

I have invalidated the nscd group table, restarted the CTDB Cluster, 
restarted nslcd ...

Any help really appreciated.

Thanks and regards
Tobias
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2894 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba/attachments/20240104/8e0fbbf1/smime.bin>


More information about the samba mailing list