CentOS 3.5 samba3-3.0.20a-24 Security ADS I can't get windows group permissions on shares to work except for 'domain users'. The windows group I am trying to use is Unix.Samba. This group does not exist on the linux box. It resolves correctly using getent group and when I chgrp files to unix.samba, ls shows the group ownership as Unix.Samba. getent group shows this group with the proper members. From XP, I am logged in with an account in this group. But if I try to access files, I get denied if the files aren't world read/write.If I change the unix group on the file to 'Domain users' it works. I noticed in swat if I look at status, my group is listed as 'Domain Users'. I assume this is my default group. What am I doing wrong? Sorry about the long post. Chuck smb.conf: [global] workgroup = XXX realm = CORP.XXXXXX.COM server string = ONMS-Samba security = ADS auth methods = winbind password server = XXXad6 username map = /etc/samba/smbusers log level = 10 syslog = 0 log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No printcap name = CUPS disable spoolss = Yes show add printer wizard = No add user script = /usr/sbin/adduser -g winusers %U preferred master = No dns proxy = No ldap ssl = no idmap uid = 15000-35000 idmap gid = 15000-35000 template homedir = /home/win/%D/%U template shell = /bin/bash winbind use default domain = no winbind nested groups = Yes cups options = raw [test] comment = test Stuff path = /usr/local/samba valid users = @Unix.Samba read only = No ######################################################### winbindd log: [2005/10/19 08:13:42, 6] nsswitch/winbindd.c:new_connection(596) accepted socket 27 [2005/10/19 08:13:42, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn INTERFACE_VERSION [2005/10/19 08:13:42, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(460) [ 0]: request interface version [2005/10/19 08:13:42, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2005/10/19 08:13:42, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493) [ 0]: request location of privileged pipe [2005/10/19 08:13:42, 6] nsswitch/winbindd.c:new_connection(596) accepted socket 34 [2005/10/19 08:13:42, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn DOMAIN_INFO [2005/10/19 08:13:42, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(355) [ 0]: domain_info [CORP.ACSALASKA.COM] [2005/10/19 08:13:42, 6] nsswitch/winbindd.c:new_connection(596) accepted socket 27 [2005/10/19 08:13:42, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn INTERFACE_VERSION [2005/10/19 08:13:42, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(460) [ 0]: request interface version [2005/10/19 08:13:42, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2005/10/19 08:13:42, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493) [ 0]: request location of privileged pipe [2005/10/19 08:13:42, 6] nsswitch/winbindd.c:new_connection(596) accepted socket 35 [2005/10/19 08:13:42, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn GETPWNAM [2005/10/19 08:13:42, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(336) [ 0]: getpwnam acs\acsxpeit$ [2005/10/19 08:13:42, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1533) Retrieving response for pid 12260 [2005/10/19 08:13:42, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1533) Retrieving response for pid 12260 [2005/10/19 08:13:42, 10] sam/idmap_util.c:idmap_sid_to_uid(144) idmap_sid_to_uid: sid = [S-1-5-21-335968984-468744214-619646970-18705] [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:db_get_id_from_sid(315) db_get_id_from_sid [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_id_from_sid(221) internal_get_id_from_sid: fetching record S-1-5-21-335968984-468744214-619646970-18705 of type 0x1 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_id_from_sid(228) internal_get_id_from_sid: record S-1-5-21-335968984-468744214-619646970-18705 -> UID 17095 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_id_from_sid(243) internal_get_id_from_sid: ID_USERID fetching record S-1-5-21-335968984-468744214-619646970-18705 -> UID 17095 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_sid_from_id(190) internal_get_sid_from_id: fetching record UID 17095 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_sid_from_id(196) internal_get_sid_from_id: fetching record UID 17095 -> S-1-5-21-335968984-468744214-619646970-18705 [2005/10/19 08:13:42, 10] sam/idmap_util.c:idmap_sid_to_uid(151) idmap_sid_to_uid: uid = [17095] [2005/10/19 08:13:42, 10] sam/idmap_util.c:idmap_sid_to_gid(173) sid_to_gid: sid = [S-1-5-21-335968984-468744214-619646970-515] [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:db_get_id_from_sid(315) db_get_id_from_sid [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_id_from_sid(221) internal_get_id_from_sid: fetching record S-1-5-21-335968984-468744214-619646970-515 of type 0x2 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_id_from_sid(228) internal_get_id_from_sid: record S-1-5-21-335968984-468744214-619646970-515 -> GID 15035 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_id_from_sid(262) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-335968984-468744214-619646970-515 -> GID 15035 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_sid_from_id(190) internal_get_sid_from_id: fetching record GID 15035 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_sid_from_id(196) internal_get_sid_from_id: fetching record GID 15035 -> S-1-5-21-335968984-468744214-619646970-515 [2005/10/19 08:13:42, 10] sam/idmap_util.c:idmap_sid_to_gid(181) idmap_sid_to_gid: gid = [15035] [2005/10/19 08:13:42, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn GETGROUPS [2005/10/19 08:13:42, 3] nsswitch/winbindd_group.c:winbindd_getgroups(925) [ 0]: getgroups ACS\acsxpeit$ [2005/10/19 08:13:42, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1533) Retrieving response for pid 12260 [2005/10/19 08:13:42, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1533) Retrieving response for pid 12260 [2005/10/19 08:13:42, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1555) Retrieving extra data length=44 [2005/10/19 08:13:42, 10] nsswitch/winbindd_cache.c:cache_store_request_data(1586) Storing request key lJbeM7.muEkc6j1e [2005/10/19 08:13:42, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1533) Retrieving response for pid 12260 [2005/10/19 08:13:42, 10] nsswitch/winbindd_async.c:getsidaliases_recv(782) getsidaliases return 0 SIDs [2005/10/19 08:13:42, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1034) Expanding our own local groups [2005/10/19 08:13:42, 10] nsswitch/winbindd_cache.c:cache_store_request_data(1586) Storing request key xIb0TsjuBWRMv_q- [2005/10/19 08:13:42, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1533) Retrieving response for pid 12293 [2005/10/19 08:13:42, 10] nsswitch/winbindd_async.c:getsidaliases_recv(782) getsidaliases return 0 SIDs [2005/10/19 08:13:42, 10] sam/idmap_util.c:idmap_sid_to_gid(173) sid_to_gid: sid = [S-1-5-21-335968984-468744214-619646970-515] [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:db_get_id_from_sid(315) db_get_id_from_sid [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_id_from_sid(221) internal_get_id_from_sid: fetching record S-1-5-21-335968984-468744214-619646970-515 of type 0x2 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_id_from_sid(228) internal_get_id_from_sid: record S-1-5-21-335968984-468744214-619646970-515 -> GID 15035 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_id_from_sid(262) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-335968984-468744214-619646970-515 -> GID 15035 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_sid_from_id(190) internal_get_sid_from_id: fetching record GID 15035 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_sid_from_id(196) internal_get_sid_from_id: fetching record GID 15035 -> S-1-5-21-335968984-468744214-619646970-515 [2005/10/19 08:13:42, 10] sam/idmap_util.c:idmap_sid_to_gid(181) idmap_sid_to_gid: gid = [15035] [2005/10/19 08:13:42, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn GID_TO_SID [2005/10/19 08:13:42, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(406) [ 0]: gid to sid 15035 [2005/10/19 08:13:42, 10] sam/idmap_util.c:idmap_gid_to_sid(124) idmap_gid_to_sid: gid = [15035] [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:db_get_sid_from_id(283) db_get_sid_from_id: id_type_in = 0x32 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_sid_from_id(190) internal_get_sid_from_id: fetching record GID 15035 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_sid_from_id(196) internal_get_sid_from_id: fetching record GID 15035 -> S-1-5-21-335968984-468744214-619646970-515 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_id_from_sid(221) internal_get_id_from_sid: fetching record S-1-5-21-335968984-468744214-619646970-515 of type 0x2 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_id_from_sid(228) internal_get_id_from_sid: record S-1-5-21-335968984-468744214-619646970-515 -> GID 15035 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_id_from_sid(262) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-335968984-468744214-619646970-515 -> GID 15035 [2005/10/19 08:13:42, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn GETPWNAM [2005/10/19 08:13:42, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(336) [ 0]: getpwnam acs\acsxpeit$ [2005/10/19 08:13:42, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1533) Retrieving response for pid 12260 [2005/10/19 08:13:42, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1533) Retrieving response for pid 12260 [2005/10/19 08:13:42, 10] sam/idmap_util.c:idmap_sid_to_uid(144) idmap_sid_to_uid: sid = [S-1-5-21-335968984-468744214-619646970-18705] [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:db_get_id_from_sid(315) db_get_id_from_sid [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_id_from_sid(221) internal_get_id_from_sid: fetching record S-1-5-21-335968984-468744214-619646970-18705 of type 0x1 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_id_from_sid(228) internal_get_id_from_sid: record S-1-5-21-335968984-468744214-619646970-18705 -> UID 17095 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_id_from_sid(243) internal_get_id_from_sid: ID_USERID fetching record S-1-5-21-335968984-468744214-619646970-18705 -> UID 17095 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_sid_from_id(190) internal_get_sid_from_id: fetching record UID 17095 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_sid_from_id(196) internal_get_sid_from_id: fetching record UID 17095 -> S-1-5-21-335968984-468744214-619646970-18705 [2005/10/19 08:13:42, 10] sam/idmap_util.c:idmap_sid_to_uid(151) idmap_sid_to_uid: uid = [17095] [2005/10/19 08:13:42, 10] sam/idmap_util.c:idmap_sid_to_gid(173) sid_to_gid: sid = [S-1-5-21-335968984-468744214-619646970-515] [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:db_get_id_from_sid(315) db_get_id_from_sid [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_id_from_sid(221) internal_get_id_from_sid: fetching record S-1-5-21-335968984-468744214-619646970-515 of type 0x2 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_id_from_sid(228) internal_get_id_from_sid: record S-1-5-21-335968984-468744214-619646970-515 -> GID 15035 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_id_from_sid(262) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-335968984-468744214-619646970-515 -> GID 15035 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_sid_from_id(190) internal_get_sid_from_id: fetching record GID 15035 [2005/10/19 08:13:42, 10] sam/idmap_tdb.c:internal_get_sid_from_id(196) internal_get_sid_from_id: fetching record GID 15035 -> S-1-5-21-335968984-468744214-619646970-515 [2005/10/19 08:13:42, 10] sam/idmap_util.c:idmap_sid_to_gid(181) idmap_sid_to_gid: gid = [15035] [2005/10/19 08:13:43, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn GETPWNAM [2005/10/19 08:13:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(336) [ 0]: getpwnam acs\zz.ccolht [2005/10/19 08:13:43, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1533) Retrieving response for pid 12260 [2005/10/19 08:13:43, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1533) Retrieving response for pid 12260 [2005/10/19 08:13:43, 10] sam/idmap_util.c:idmap_sid_to_uid(144) idmap_sid_to_uid: sid = [S-1-5-21-335968984-468744214-619646970-25093] [2005/10/19 08:13:43, 10] sam/idmap_tdb.c:db_get_id_from_sid(315) db_get_id_from_sid [2005/10/19 08:13:43, 10] sam/idmap_tdb.c:internal_get_id_from_sid(221) internal_get_id_from_sid: fetching record S-1-5-21-335968984-468744214-619646970-25093 of type 0x1 [2005/10/19 08:13:43, 10] sam/idmap_tdb.c:internal_get_id_from_sid(228) internal_get_id_from_sid: record S-1-5-21-335968984-468744214-619646970-25093 -> UID 15335 [2005/10/19 08:13:43, 10] sam/idmap_tdb.c:internal_get_id_from_sid(243) internal_get_id_from_sid: ID_USERID fetching record S-1-5-21-335968984-468744214-619646970-25093 -> UID 15335 [2005/10/19 08:13:43, 10] sam/idmap_tdb.c:internal_get_sid_from_id(190) internal_get_sid_from_id: fetching record UID 15335 [2005/10/19 08:13:43, 10] sam/idmap_tdb.c:internal_get_sid_from_id(196) internal_get_sid_from_id: fetching record UID 15335 -> S-1-5-21-335968984-468744214-619646970-25093 [2005/10/19 08:13:43, 10] sam/idmap_util.c:idmap_sid_to_uid(151) idmap_sid_to_uid: uid = [15335] [2005/10/19 08:13:43, 10] sam/idmap_util.c:idmap_sid_to_gid(173) sid_to_gid: sid = [S-1-5-21-335968984-468744214-619646970-513] [2005/10/19 08:13:43, 10] sam/idmap_tdb.c:db_get_id_from_sid(315) db_get_id_from_sid [2005/10/19 08:13:43, 10] sam/idmap_tdb.c:internal_get_id_from_sid(221) internal_get_id_from_sid: fetching record S-1-5-21-335968984-468744214-619646970-513 of type 0x2 [2005/10/19 08:13:43, 10] sam/idmap_tdb.c:internal_get_id_from_sid(228) internal_get_id_from_sid: record S-1-5-21-335968984-468744214-619646970-513 -> GID 15000 [2005/10/19 08:13:43, 10] sam/idmap_tdb.c:internal_get_id_from_sid(262) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-335968984-468744214-619646970-513 -> GID 15000 [2005/10/19 08:13:43, 10] sam/idmap_tdb.c:internal_get_sid_from_id(190) internal_get_sid_from_id: fetching record GID 15000 [2005/10/19 08:13:43, 10] sam/idmap_tdb.c:internal_get_sid_from_id(196) internal_get_sid_from_id: fetching record GID 15000 -> S-1-5-21-335968984-468744214-619646970-513 [2005/10/19 08:13:43, 10] sam/idmap_util.c:idmap_sid_to_gid(181) idmap_sid_to_gid: gid = [15000] ##################################################################### *********************************************************************************** This transmittal may contain confidential information intended solely for the addressee. If you are not the intended recipient, you are hereby notified that you have received this transmittal in error; any review, dissemination, distribution or copying of this transmittal is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (collect at 907-564-1000) and ask to speak with the message sender. In addition, please immediately delete this message and all attachments. Thank you. ACS