On Tue, Mar 22, 2011 at 08:27:05AM -0400, John Mulligan wrote: > Hello samba list, > > [Apologies if you've seen this message before. I'm not sure if the original > got eaten by a filter somewhere along the line.] > > I've run into a rather strange problem at one of our deployments, and > after trying a few ideas myself are turning to you to see if you have > any suggestions for my next step. > > The problem: We're currently running samba 3.5.6 as a file server joined > to an active directory. We set up acls that say group "foo" has r/w access > to a directory. A user "userA" attempts to access that folder and fails > even though the active directory server shows he is in that group. > I've gone through the samba system checking the output of wbinfo > and the getent, groups and id command; they all show that "userA" is > in the supplementary "foo" group. I also turned up the logging and > verified that the results of the "supplementary groups" in the log > show the GID of the "foo" group when "userA" connects. > > Can you suggest to me what else I should be looking at? We've re-run this > test by stripping out all acls (nt and posix) and just using permissions. > Unless this particular user is the owner or the primary group the > user can not access this directory. > It feels as if the supplementary group is being "ignored" for this case, > but I don't know why and I have run out of ideas. Searching google does not > seem to turn up anything relevant at this point, either. I would greatly > appreciate any help investigating what is going on with this system.
Set debug level 10 using smbcontrol for the smbd connected to the specific client - then search the log for ACCESS_DENIED messages. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
