Hi, I'm running Samba Version 3.0.25c on Solaris 10 8/07 on X86 hardware. It's successfully joined to AD.
But, and there always is a but, if : * A user is a member of SomeGroup * and the share alllows SomeGroup to access it * and SomeGroup is NOT what the user has set as their Primary Group in Active Directory then * Samba will recognize that the user can access the share * but, vfs_ChDir will fail Consider a user, "vanhoudn", whose primary group is "WSG Staff". If the share config is set to: [arrakis] path = "/export/arrakis" comment = "Arraken Test share" writeable = yes valid users = @"UIUC+domain users" vfs objects = zfsacl nfs4: mode = special The logs will spit out: [2007/12/12 10:09:17, 10] smbd/share_access.c:(232) user_ok_token: share arrakis is ok for unix user UIUC+vanhoudn [2007/12/12 10:09:17, 10] smbd/share_access.c:(274) is_share_read_only_for_user: share arrakis is read-write for unix user UIUC+vanhoudn Which is good. And, we can see that samba is correctly finding all of the groups that this user is a member of... [2007/12/12 10:09:17, 5] auth/auth_util.c:(474) UNIX token of user 10000 Primary group is 10031 and contains 58 supplementary groups Group[ 0]: 10007 Group[ 1]: 10008 <etc> But, the access to the share will fail. The logs throw out this: [2007/12/12 10:09:17, 5] smbd/uid.c:(273) change_to_user uid=(0,10000) gid=(0,10031) [2007/12/12 10:09:17, 4] smbd/vfs.c:(665) vfs_ChDir to /export/arrakis [2007/12/12 10:09:17, 4] smbd/vfs.c:(665) vfs_ChDir to /export/arrakis [2007/12/12 10:09:17, 0] smbd/service.c:(184) chdir (/export/arrakis) failed [2007/12/12 10:09:17, 3] smbd/error.c:(106) error packet at smbd/process.c(991) cmd=50 (SMBtrans2) NT_STATUS_NETWORK_ACCESS_DENIED And I don't think it's because of filesystem permissions. ls gives: drwxrwx--- 2 root UIUC+domain users 8 Dec 4 14:12 arrakis The last log entry remains the same if the "vfs objects = zfsacl" and "nfs4: mode = special" lines are there or not. Any help would be greatly appreciated. Cheers, Nathan VanHoudnos -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba