Hello, I upgraded from Samba 3.0.2 to 3.0.4 on my Red Hat Enterprise system and am now seeing something very strange with POSIX ACLs. We have several shared directories set up with per-directory group permissions (in other words, each directory has its own group in Active Directory). This way, if we want to give a user access to a directory, we just add them to the group. After upgrading to 3.0.4, all of a sudden additions to a group were not working.
So if I edit UserA in Active Directory and add them to the group Company-Finance-Folder, the user should now be able to access the folder on the file server, but now for some reason the user is getting an access denied. getfacl shows that the group has permissions to the folder. wbinfo -u/-g works. "getent group" shows the user has been added to the group. But the user is still getting an access denied. The funny thing is that all other users with this exact same group are able to access this folder properly (but these users were added before the upgrade). Does anyone know why this is?

Here is my config:

[global]
log level = 0
log file = /var/log/samba/%m.log
realm = domain.net
workgroup = DOMAIN
security = ADS
encrypt passwords = yes
password server = dc0.domain.net dc1.domain.net
server string = AMI File Server
socket options = TCP_NODELAY SO_KEEPALIVE
kernel oplocks = yes
oplocks = yes
veto oplock files = /*.doc/*.DOC/*.xls/*.XLS/*.ppt/*.PPT/*.pst/*.PST/*.mdb/*.MDB/*.ldb/*.LDB/*.vsd/*.VSD/*.mpp/*.MPP/*.qbw/*.QBW/*.qbb/*.QBB/*.qbI/*.qbl/*.dxf/*.DXF/*.dwg/*.DWG/*.cdr/*.CDR/*.bak/*.BAK/*.ord/*.xlo/*.igs/*.ipt/*.ipj/*.slp/*.stp/*.opt/*.xli/*.stl/*.cur/*.sjb/*.log/*.LOG/*.sbs/*.iam/*.idv/*.pcbdoc/*.PcbDoc/*.PCBDOC/
interfaces = eth0*,lo
bind interfaces only = yes
#host msdfs = yes
# strict locking
# strict sync
# separate domain and username with +, like DOMAIN+username
winbind separator = +
# use uids from 11000 to 19000 for domain users
idmap uid = 11000-19000
# use gids from 11000 to 19000 for domain groups
idmap gid = 11000-19000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
# give winbind users a real shell (only needed if they have telnet access)
template homedir = /mnt/share/Company_Share/Users/%U
template shell = /bin/bash

[Company_Share]
comment = Company Corporate
path = /mnt/share/Company_Share
create mask = 0770
directory mask = 0770
public = yes
writable = yes

[Projects]
comment = Company Projects
path = /mnt/share/Projects
create mask = 0770
directory mask = 0770
public = yes
writable = yes
