Well, the source of the problem appears to be that the AD users were members of too many groups to map successfully, so none were being mapped except for the primary group. At least that was my best-gues interpretation of the "sys_setgroups failed" message I was seeing in the logs.
Since Solaris only supports membership in 16 groups, and the AD users were in >100 each, I think that's the problem. getent group returns the correct list of users because it's going group->users instead of user->groups, and so the limitation doesn't come into play. Thankfully the group we had to set this up for was small enough to just do the access individually. ~Eric > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > On Behalf Of Eric Diven > Sent: Tuesday, December 02, 2008 10:28 AM > To: [email protected] > Subject: RE: [Samba] Group membership not being honored > > This works if I assign the permissions to the primary group > that the user belongs to. I seem to remember this working > for arbitrary groups in the past. Can anybody clarify? > > Thanks, > > ~Eric > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
