On Wed, 27 Dec 2023 17:22:21 -0500
Rob Campbell via samba <samba at lists.samba.org> wrote:
> I have a user that is a member of a group that should have write
> access to a directory but they cannot write to the directory.
>
>
> $ la | grep Movies
> drwxr-xr-x 345 *HOME\movie editors* HOME\movie users 36K
> May 22 2023 *Movies*
>
> $ id testuser
> uid=3000038(HOME\testuser) gid=100(*users*)
> groups=100(users),3000038(HOME\testuser),3000026(HOME\photo
> users),*3000031(HOME\movie
> editors)*,3000030(HOME\video editors),3000032(HOME\music
> editors),3000037(HOME\rc users),3000009(BUILTIN\users)
>
> HOME\testuser at DC01:/multimedia$ touch *Movies/test*
> touch: cannot touch '*Movies/test*': Permission denied
>
> $ls -lah /multimedia
> drwxrwxr-x 16 tester *users* 4.0K Dec
> 27 16:39 .
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In all things, Be Intentional.
You are using a DC as a fileserver, this is not recommended.
Have you read this:
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Using_the_Domain_Controller_as_a_File_Server_(Optional)
especially this warning:
If you do use an AD DC as a fileserver, You must set the permissions
from Windows, do not attempt to use any of the old methods (force user
etc) . They will not work correctly and will cause problems.
Rowland