On Fri, 2006-12-15 at 12:15 +1100, Matt Skerritt wrote: > Check the file permissions on the folder and files in question. If > the folder is setup with world execute permissions, anybody can > change into it - and any files created by the user in question will > probably be owned by them - and so they'll still have access if they > can change into the containing directory. > > At least, that'd be the first thing I would look at. > > Also try running commands like "groups <user>" to make sure that your > unix backend agrees that they are no longer in the group. > > > On 15/12/2006, at 2:38 AM, Manuel Graumann wrote: > > > Hi folks! > > > > Our smb with LDAP PDC now seems to be nearly completed. Just now we > > found > > out something very mysterious. We organized some directorys to be > > used by > > specific domain groups. If we put a user into a group the user is > > allowed to > > access the associated share. So far this works pretty nice. > > > > If we remove the user from the domain group the user seems to keep > > all his > > rights he got from his group membership we removed - even after > > loggin off > > and on again and restarting smb and nmb. This seems to me a very > > strange > > behaviour. Any ideas where we have to look? > > > > Client OS: XP Pro SP 2 > > Server: openSuse 10.1 64 bit, Samba 3.0.22-13.18, openldap2 > > 2.3.19-18.10, > > smbldap-tools 0.9.1-11 > > > > Any hint would be nice. > > > > Regards > > > > Manuel > >
Sound like a nscd caching issue - had the same problem with LDAP. You probably need to set the user and group cache time to something low in /etc/nscd.conf. Murray -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
