> This problem went away for me in Samba 3.0.1. A workaround in 3.0.0 is > to set > > winbind use default domain = no > > in the smb.conf. This did in fact solve the group resolution problem on samba-3.0.0-14.3E. I have not tried 3.0.1 yet but will this week and will post the results.
Thanks very much Mike! > This problem went away for me in Samba 3.0.1. A workaround in 3.0.0 is > to set > > winbind use default domain = no > > in the smb.conf. > > Mike > > [EMAIL PROTECTED] wrote: > > Hello all, > > > > I am having some serious problems getting winbind to recognize secondary group > memberships. I have a samba server version samba-3.0.0-14.3E running on RHES > v.3. > > This is running on a 2x Xeon 2.4 Ghz IBM Server with 2G Ram. nscd is not > running. > > See below for smb.conf. > > > > cat /proc/version: Linux version 2.4.21-9.ELsmp > ([EMAIL PROTECTED]) (gcc version 3.2.3 20030502 (Red Hat > Linux 3.2.3-26)) #1 SMP Thu Jan 8 17:08:56 EST 2004 > > > > I have joined the domain with: net rpc join -U administrator -r PDC > > I successfully joined the domain. passdb backend = smbpasswd. wbinfo -u shows > all the domain users and wbinfo -g shows all the domain groups. ls -l shows the > correct domain user/group ownerships. Users can access shares owned by them or > their PRIMARY domain group. But when they try to access a share owned by a > secondary group that they belong to, it is access denied. The only way I can > get a secondary group to resolve is by putting a local unix group in /etc/group > and giving it the same GID as the corresponding domain group, then adding the > users to the local unix group. > > > > I have a RedHat 9 box with the same configuration that works the way it's > supposed to - ie - honoring secondary group memberships from the domain(of > course it is samba version samba-2.2.7a-8.9.0). > > > > This is a very critical situation for us. Any help/suggestions would be > greatly appreciated. > > > > Below is a snip from the samba log file(shows 3 supplementary groups even > though this user belongs to about 20 groups). > > > > [2004/01/20 19:17:44, 5] auth/auth_util.c:debug_unix_user_token(505) > > UNIX token of user 10504 > > Primary group is 10013 and contains 3 supplementary groups > > Group[ 0]: 10013 > > Group[ 1]: 10013 > > Group[ 2]: 10029 > > > > #Begin smb.conf > > passdb backend = smbpasswd > > #winbind configuration------> > > winbind separator = + > > winbind use default domain = yes > > template shell = /bin/false > > template homedir = /netarray/shares/home/%U > > idmap uid = 10000-20000 > > idmap gid = 10000-20000 > > #end winbind configuration-----> > > security = domain > > password server = PDC BDC > > password level = 8 > > username level = 8 > > > > [Shared] > > available = yes > > browseable = yes > > comment = > > path = /netarray/shares/Shared > > public = no > > writable = yes > > valid users = @"Domain Users" @"Domain Admins" @"Global ITS" @d_users > @d_admins @g_its > > invalid users = internet1 internet2 hrtest > > > > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
