Hello, i hope u guys can help me. This is the first time I write to the list. Sorry about my english...
i got a solaris 10 machine and installed "samba 3.0.2.3c" with "openldap 2.3.2.1" , "openssl 0.9.8" and "gcc 3.4.6". i configured kerberos and all the other things. all good. i added the samba-server (solaris10) to a active directory domain. with "kinit ...." and then "net ads join" and so on. all worked good. then i configured my smb.conf via swat-websoncole. i created a share that was named "all". i added in swat to the "valid users"-option the AD-Group "MyDomain\group_alpha". After this i mounted the share on my Windows-Xp machine. The user on the WindowsXP MAchine is in the Group "MyDomain\group_alpha". all good. i can access an create folders ..... Now i created on my solaris-machine in my Samba-Share-folder "all" 2 Folders. Folders: Permissions Owner Acl 1. "folderA" with rwxrwx--- root root group: group_beta:rwx 2. "folderB" with rwxrwx--- root root group: group_gama:rwx after this i added via "setfacl -m g:MyDomain\\group_beta:rwx folder_a" the group "group_beta" to the first folder. The Same i did with the folder "folderB", i added the group "group_gama" (rwx). Now, i am at the windows machine, my user "winuser" mountet the Samba Share. So, "winuser" is a member of the valid share user group "group_alpha", all AD-users are members of this group. On the two other folders in the share i added permissions for two other groups. So, i as "winuser" should have rights to read,write,execute the "folderA", because "winuser" is a also a member of "group_beta" but i dont have permissions for "folderB". my Problem is now that i can not enter and "folderA" and "folderB"! (windows-prompt : i dont have permissions for this..) The same scenario with adding "users" directly without "group" is working. So i think that samba ignores my supplementary groups for acl!!! i googel'ed a lot for this problem, but no solution. Help me ;) Ciao, Björn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
