I'm a bit confused. We're a hybrid shop with servers of many flavors
and many PC workstations. We've set samba up with security=adm. User
access is authenticated by our ADS system.
We recently migrated to a new samba server. The Samba domain was properly
joined to the domain and everything seemed to be working fine. We had a share
on the old server like this:
[common]
comment = Common ground for developers
path = /common
public = yes
read only = yes
write list = @developers,@support,@qa,devbuild
create mask = 02775
This basically gave our R&D group write access to the share and read-only to
everyone else. We migrated this directly to the new server but none of the
users on the new server could get write access as the write list parameter
should have done.
Turns out that when we installed the new samba, we had started winbind. After
about 8 hours of scratching our heads (and other parts) we found that by turning
winbindd off, that proper write access to these shares would come back.
My question is why the write list didn't seem to work while winbind was
running? Should the write list had domain user type names (i.e.
MQSOFTWARE\developers)?
Thanks in advance.
Wayne Johnson
Senior Software Engineer
MQSoftware, Inc.
1660 S Highway 100
Minneapolis, MN 55416
(952) 345-8628
