samba - Jul 2010 - group permissions not setting correctly.

On Samba 3.5.4, I have a share that should be writable by all in the Domain
Users group.  When I write to the share, the permission mode is correct but
the data doesn't have the correct group and instead lists the username as
the group.  I tried using "force group" but the share stopped being
accessible after a restart so I removed it.  It doesn't seem like this is
standard behavior so I'm not sure what could be causing it.

Relevant smb.conf info:

[global]
workgroup = domain
netbios name = fs
server string = domauin FS
passdb backend = ldapsam:ldap://127.0.0.1
printcap name = cups
printing = cups
security = user
log level = 3
name resolve order = wins bcast hosts

ldap ssl = off
ldap admin dn = cn=root,dc=domain,dc=com
ldap suffix = dc=domain,dc=com
ldap user suffix = ou=Users
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers

ldap delete dn = Yes
add user script = /usr/sbin/smbldap-useradd -m "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g"
"%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
delete group script = /usr/sbin/smbldap-groupdel "%g"
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U
#logon script = %U.bat
logon script = logon.bat

domain master = Yes
domain logons = Yes
os level = 35
preferred master = Yes

idmap uid = 15000-20000
idmap gid = 15000-20000

passwd program = /usr/bin/passwd '%u'
unix password sync = yes
passwd chat = "*New UNIX password*" %n\n "*Retype new UNIX
password*" %n\n
"*updated successfully*"
enable privileges = yes
username map = /etc/samba/smbusers
wins support = yes

[public]
path = /data/public
create mask = 0775
create mode = 0775
directory mask = 0775
guest ok = no
browseable = Yes
writable = yes
write list = "@Domain Users"

>
> On Samba 3.5.4, I have a share that should be writable by all in the 
> Domain
> Users group.  When I write to the share, the permission mode is 
> correct but
> the data doesn't have the correct group and instead lists the username 
> as
> the group.
Do you have:

pam_ldap/nss_ldap .conf setup correctly (They may be the same file 
depending on Linux OS.  Ubuntu server uses same file.)?

nsswitch.conf set up correctly?
>
> I tried using "force group" but the share stopped being
> accessible after a restart so I removed it.  It doesn't seem like this 
> is
> standard behavior so I'm not sure what could be causing it.
>
> Relevant smb.conf info:
>
> [global]
> workgroup = domain
> netbios name = fs
> server string = domauin FS
> passdb backend = ldapsam:ldap://127.0.0.1
> printcap name = cups
> printing = cups
> security = user
> log level = 3
> name resolve order = wins bcast hosts
>
> ldap ssl = off
> ldap admin dn = cn=root,dc=domain,dc=com
> ldap suffix = dc=domain,dc=com
> ldap user suffix = ou=Users
> ldap group suffix = ou=Group
> ldap idmap suffix = ou=Idmap
> ldap machine suffix = ou=Computers
>
> ldap delete dn = Yes
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x
"%u"
> "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g"
"%u"
> delete user script = /usr/sbin/smbldap-userdel "%u"
> delete group script = /usr/sbin/smbldap-groupdel "%g"
> logon path = \\%L\profiles\%U
> logon drive = H:
> logon home = \\%L\%U
> #logon script = %U.bat
> logon script = logon.bat
>
> domain master = Yes
> domain logons = Yes
> os level = 35
> preferred master = Yes
>
> idmap uid = 15000-20000
> idmap gid = 15000-20000
>
> passwd program = /usr/bin/passwd '%u'
> unix password sync = yes
> passwd chat = "*New UNIX password*" %n\n "*Retype new UNIX
password*"
> %n\n
> "*updated successfully*"
> enable privileges = yes
> username map = /etc/samba/smbusers
> wins support = yes
>
> [public]
> path = /data/public
> create mask = 0775
> create mode = 0775
> directory mask = 0775
> guest ok = no
> browseable = Yes
> writable = yes
> write list = "@Domain Users"
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba