[Samba] After upgrade from Debian Bookworm to Trixie we get access denied for group users
Wim De Geeter
wim.de-geeter at uni-graz.at
Thu Nov 20 10:50:50 UTC 2025
Hello,
We have a running working Samba configuration on a Debian Bookworm (Samba 4.17.12).
All authentication and authorization management is done via openLDAP.
Samba is only used for file services for Windows clients. There is one personal share [homes]
and 2 shares (share1 and share2) that are accessed via groups configured in openLDAP.
Now we have upgrade our server to Debian Trixie (Samba version 4.22.6).
The personal share can still be accessed by all the users, but access to the shares [share1] and [share2] is denied.
All users and groups (group1, group2, group3) are defined in openLDAP
When I use (as a test) a group locally on the server, it works.
Under you see the config in smb.conf
preferred master = no
domain master = no
passdb backend = ldapsam:ldaps://openldap.domain.com
ldap admin dn = cn=admin,dc=domain,dc=com
ldap delete dn = no
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap passwd sync = Yes
ldap suffix = dc=domain,dc=com
ldap ssl = no
idmap config * : backend = ldap
idmap config * : range = 30000-40000
[homes]
comment = Home Directories
path = /home/%S
valid users = %S
read only = no
browseable = no
writable = yes
create mask = 0660
directory mask = 0770
[share1]
comment = Shared Directory for groups
path = /data/share1
valid users = @group1, at group2
read only = No
browseable = no
writeable = yes
public = no
guest ok = no
create mask = 755
directory mask = 2775
[share2]
comment = Shared Directory for groups
path = /data/share2
valid users = @group2, at group3
read only = No
browseable = no
writeable = yes
public = no
guest ok = no
create mask = 755
directory mask = 2775
What did change in samba that users defined in a group get denied.
The error we get: tree connect failed: NT_STATUS_ACCESS_DENIED
Anyone an idea in which direction wie should look?
Many thanks in advance
More information about the samba
mailing list