I am currently using Samba 3.0.2 with Fedora Core 1. I have also duplicated the problem on a test environment.
Sam -----Original Message----- From: Radio Gong 2000 GmbH & Co. KG [Technik] [mailto:[EMAIL PROTECTED] Sent: Thursday, April 08, 2004 2:08 AM To: [EMAIL PROTECTED] Cc: Sam Aylestock Subject: Re: [Samba] ACL group permissions only work on primary group Maybe I am wrong now, but as far as I now there have been several bugfixes according ADS, ldap and kerberos. Anyway an alpha-version is not for a production environment, so update to the latest version of samba! Best greetz Sascha Am Mittwoch, 7. April 2004 23:14 schrieb Sam Aylestock: > My apologies....this is the info from the original post and I am > having the exact problem. The only difference is I am using the > current version of SAMBA(3.02)and Fedora Core 1. The original is as follows... > > Intro: > There have been a few postings on this subject with few answers. If > anyone knows where to point those of us trying to work this out, or > will enlighten us as to the limitations of ACL's and Samba, we would > appreciate your help. So far, acl.bestbits.at does not have any > information on this particular problem. > > Environment: > Samba 3.0 alpha 21 or 23 (I skipped 22, but most likely it had the > same > problem) > Red Hat 8.0 > Kernel 2.4.20 w/ acl patches from acl.bestbits.at > Ext3 filesystem mounted w/ acl option > > Problem: > Samba is successfully authenticating users via a W2K domain using ADS. > Logins and passwords work great, individual file access permissions > work fine. The problem is when setting group file or directory access > permissions, Samba/Linux only recognizes a user's "primary group". > This means if a user is a member of more than one group (by default, > everyone is a member of Domain Users which is also their primary > group) only their primary group is looked at for file/directory access > permissions on the Samba server. > > This causes two problems: > > 1) I have to manually go through every user (250+) a set their default > group to something other than Domain Users (unless, of course, that's > adequate for my needs). This is time consuming, but I can live with it. > > 2) The bigger problem is that a person can only receive access to > files/directories based on membership in only one group. For example, > John is a member of coders and a member of management with coders > being his primary group. Without assigning individual rights, John > will only be able to access the coders directory and will not have > access to the management directory even though the management group > has full access to it. Yes, it would be easy to just assign John > individual rights to the management directory, but this becomes an > exponential headache when you multiply this scenario out across a large company of similar situations. > > > > Sam Aylestock > Sr. Network Administrator > TREEV > Proven Solutions . Real Results .(tm) > Tel: 703-904-3139 > http://www.treev.com/ > > > -----Original Message----- > From: Radio Gong 2000 GmbH & Co. KG [Technik] > [mailto:[EMAIL PROTECTED] > Sent: Wednesday, April 07, 2004 5:09 PM > To: Sam Aylestock; [EMAIL PROTECTED] > Subject: AW: [Samba] ACL group permissions only work on primary group > > Can u please describe ur problem a bit more? > > Regards > > Sascha > > -----Ursprungliche Nachricht----- > Von: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Auftrag von Sam Aylestock > Gesendet: Mittwoch, 7. April 2004 23:02 > An: [EMAIL PROTECTED] > Betreff: [Samba] ACL group permissions only work on primary group > > > I just join this list. Did anyone give a reply to this question? I > have been struggling with this same problem. > > Sam Aylestock > Sr. Network Administrator > TREEV(r) > Proven Solutions . Real Results .(tm) > Tel: 703-904-3139 > http://www.treev.com/ > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba