samba - Sep 2007 - UPDATE - NT_STATUS_ACCESS_DENIED making remote directory

Well, I've discovered something and I'm not sure how to make it stop
doing it.  When a user "logs in" they get an automatically assigned
group of "domain users" which doesn't actually exist in any of the
file
permissions.  I've tried setting group = %G and force group = %G but
neither one is working.  If anyone knows how to suppress this, I'd be
greatly appreciative.

 

Vital Stats - AMD 64-bit CPU, Ubuntu 7.0.4 (Feisty Fawn), Samba 3.0.24,
Win2003 AD Domain

 

If I've left anything out, please feel free to ask. This *was* working
yesterday until my Kerberos ticket expired.  (growl)  Anyway, now that
Kerberos appears to be working again, all of my users still only have
read access - no write access.  The "temp" test works fine.  Exactly
as
expected - full access.  Nothing should have changed in the last 24
hours on the AD side so I'm not sure why all of a sudden I'm getting
read only access for my user shares.  Samba & the authentication seems
to be working.  I get sensible and complete results when I do a wbinfo
-u and -g.  When I try mapping the share and doing stuff from the actual
Ubuntu server, I see that no user is allowed write access to their own
home directory.  I was hoping that one of you folk might have some
insight.  

 

[global]

        workgroup = COX

        realm = ELCSB.NET

        server string = bakserve2

        security = DOMAIN

        log level = 3

        log file = /var/log/samba/%m

        max log size = 50

        printcap name = cups

        disable spoolss = Yes

        show add printer wizard = No

        os level = 33

        preferred master = No

        local master = No

        domain master = No

        wins server = 129.119.81.20

        idmap uid = 10000-20000

        idmap gid = 10000-20000

        template shell = /bin/bash

        winbind cache time = 10

        winbind enum users = Yes

        winbind enum groups = Yes

        winbind use default domain = Yes

 

[homes]

        comment = Home Directories

        path = /home/%U

        user = %U

        valid users = COX\%S

        read only = No

        create mask = 0770

        directory mask = 0770 

        writeable = Yes

        browseable = Yes

 

[temp]

        comment = Temp Test

        path = /tmp

        writeable = Yes

        browseable = Yes

        read only = No

 

Thanks,

 

Ms. Jimi Thompson, CISSP

Manager of Web Operations

SMU Cox School of Business

 

"Contemplate the mangled bodies of your countrymen and then ask
yourself, What should be the reward of such sacrifices... If ye love
wealth better than freedom, the tranquility of servitude than the
animating contest of freedom, go from us in peace. We ask not your
counsels or arms. Crouch down and lick the hands that feed you. May
your chains sit lightly upon you, and may posterity forget that ye  were
our countrymen." - Samuel Adams  This from our founding fathers.  I
wonder what they'd think of the Patriot Act & the Emergency Powers Act.