Okay I found the solution to this problem. It appears you shouldn't
run winbindd on a samba PDC.
Derek Harkness
Data Security Analyst Senior
University of Michigan-Dearborn
(313) 593-5089
On Jan 31, 2008, at 08:08 AM, Derek Harkness wrote:
> I've got a very odd situation occurring. I recently upgraded to
> Samba 2.0.26a and now secondary group membership doesn't work.
>
> On the filesystem I have this layout
>
> /derek
> /derek/Folder 1
> /derek/Folder 2
>
> derek has these ACLs
> # file: derek
> # owner: root
> # group: root
> user::rwx
> group::r-x
> other:r-x
>
> Folder 1 has these ACLs
> # file: Folder 1
> # owner: root
> # group: g1
> user::rwx
> group:rwx
> other: ---
> default:user::rwx
> default:group::rwx
> default:group:g1:rwx
> default:mask:rwx
> default:other:---
>
> Folder 2 has these ACLs
> # file: Folder 2
> # owner: root
> # group: g2
> user::rwx
> group:rwx
> other: ---
> default:user::rwx
> default:group::rwx
> default:group:g2:rwx
> default:mask:rwx
> default:other:---
>
> Here is the share block from the smb.conf
> [derek]
> comment = Posix ACL test
> path = /derek
> guest ok = no
> browseable = no
> writeable = yes
>
> Now my user testuser1's primary group is g1 and testuser1 is also a
> member of g2. From the shell testuser1 can access both directories
> and all is good. Through samba testuser1 get an access denied or
> network path not found when accessing Folder 2. If I add g1 to the
> acl on Folder 2 then samba will let testuser1 in. Am I missing
> something?
>
> Derek
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba