samba - Dec 2005 - Unable to give users access to folders within Samba share

Hi,

I'm trying to give my users access to a folder contained within a Samba
share, e.g.

$ ls share

drwxrwsr-x  14 fsuser DOMAIN\OldGroup      432 2005-12-07 15:35 .
drwxr-xr-x   6 root   root                 128 2005-11-17 12:33 ..
drwxrwsr-x   3 fsuser DOMAIN\OldGroup      136 2005-11-22 16:56 Archive
drwxrwsr-x   2 fsuser DOMAIN\NewGroup       48 2005-12-07 15:35 test

Note that the groups have write access to these folders, so I expect
anyone in DOMAIN\OldGroup to have write access to 'Archive' and anyone
in DOMAIN\NewGroup to have write access to 'test'.

This is partially working, in that I added users to OldGroup, then set
up winbind, and now all the users originally added to OldGroup have
write access to 'Archive' but nobody else.

Since then I have created a new group called NewGroup and added some
users to it (myself included), however nobody can write to the folder
owned by NewGroup, even though everyone is a member in exactly the same
way as they were with OldGroup.  Even stranger, users that I've added
to OldGroup since setting up winbind don't have access to the OldGroup
folder.

I thought this was perhaps an issue with winbind not updating the group
membership, except that this appears to be happening:

$ getent group DOMAIN\\OldGroup
DOMAIN\OldGroup:x:10097:DOMAIN\OldUser1,DOMAIN\NewUser1

$ getent group DOMAIN\\NewGroup
DOMAIN\NewGroup:x:10097:DOMAIN\OldUser1,DOMAIN\NewUser1

Yet if DOMAIN\OldUser1 connects, that user has write access to
'Archive' (which was set up before winbind) but not 'test'
(which was
set up after winbind had been running for a while.)  NewUser1 doesn't
have write access to anything, as that user was added to both groups a
few weeks after winbind had been running (and the user has been in the
groups for about a week now, which should be ample time for any caches
to expire.)

Has anyone experienced this before?  I didn't think Samba cached these
values long-term, but it certainly doesn't look like winbind does.

Thanks,
Adam.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Adam Nielsen wrote:
> Since then I have created a new group called NewGroup and added some
> users to it (myself included), however nobody can write to the folder
> owned by NewGroup, even though everyone is a member in exactly the same
> way as they were with OldGroup.  Even stranger, users that I've added
> to OldGroup since setting up winbind don't have access to the OldGroup
> folder.
> 
> I thought this was perhaps an issue with winbind not updating the group
> membership, except that this appears to be happening:
What Samba version?  Are you using security = ads ?






cheers, jerry
====================================================================Alleviating
the pain of Windows(tm)      ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"There's an anonymous coward in all of us."              
--anonymous
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDoYLDIR7qMdg1EfYRAlXGAJ9dVnjazY5xFqfHzNVsXtIn7ejbbgCfb3tH
9nXZq3j9wASgGuWvWb4d3nU=DInS
-----END PGP SIGNATURE-----