Thank you for your response. Bug 910 looks like a different issue.
We are using Samba on Solaris 8, with "security = ads", with AD running on a W2K server. We cannot access someone else's file on Solaris that is owned by a group that we are a member of, if that group is not our primary group. example: Given nsswitch that have 2 lines modified for winbind: passwd: files winbind group: files winbind Given a file owned by user1:group2 such as the following: -rw-rw---- user1 group2 0 Jan 7 testfile.txt And given user2 has a primary group of group1 and a secondary group of group2. The following commands were executed on our smbdev platform, that contains the smb server. smbdev > su - user2 Password: smbdev > id uid=1001(user2) gid=10001(group1) smbdev > id -a uid=1001(user2) gid=10001(group1) groups=10001(group1) smbdev > id -a user2 uid=1001(user2) gid=10001(group1) groups=10002(group2) smbdev > getent group | grep user2 group1:x:10001:user1,user2 group2:x:10002:user1,user2 smbdev > grep user2 /etc/group smbdev > wbinfo -r user2 10002 10001 smbdev > groups group1 smbdev > cat testfile.txt cat: cannot open testfile.txt smbdev > touch testfile smbdev > chgrp group2 testfile2 chgrp: group2: Not owner smbdev > newgrp group2 $ chgrp group2 testfile2 $ ls -l testfile2 -rw-r----- user2 group2 0 Jan 7 testfile2 $exit smbdev > At the initial su to user2, there is a lot of activity in the winbindd log with "log level = 10", but it only mentions the uid of 1001 and the gid of 10001. The secondary group is not mentioned in the log. If I add group2 to the /etc/group file, it works (as one would expect due to the nsswitch.conf settings). I expect it is a problem in libnss_winbind.so. john > -----Original Message----- > From: Hansjoerg Maurer [mailto:[EMAIL PROTECTED] > Sent: Wednesday, January 07, 2004 12:05 AM > To: Klinger, John (N-CSC) > Cc: Gerald (Jerry) Carter > Subject: Re: [Samba] Secondary Groups and Group Mapping > > > Hi, > > this might be related to bug 910 > "domain admin rights only works for user, which primary group > is domain > admins" > I submitted last week. > > Just for your information. > If you want me doing some testing, just give me a note. > > Thank you > > > Hansj�rg > > Klinger, John (N-CSC) wrote: > > > > > > >>-----Original Message----- > >>From: Klinger, John (N-CSC) > >>Sent: Friday, December 19, 2003 8:14 AM > >> > >>| | Klinger, John (N-CSC) wrote: > >>| | > >>| | The first issue deals with the file sharing. Even if a > file gives > >>| | full permission to one of a user's secondary groups, that user > >>| | cannot access the file. The user can only access the file (or > >>| | directory) if the file's group is the user's primary group. I've > >>| | fond several references on the web and in > >>https://bugzilla.samba.org, > >>| | which seem to indicate that the bug is fixed. However, we > >>also tried > >>| | this with 3.0.1rc2 and have the same problem; which > makes us think > >>| | it is a configuration error or something we haven't found > >>| | related to nsswitch. > >>| > >>|Gerald (Jerry) Carter wrote: > >>| > >>| This is an open bug > >>| > >>| ~ https://bugzilla.samba.org/show_bug.cgi?id=395 > >>| > >>| cheers, jerry > >> > >>Good news, Jerry; thanks for the reply. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
