Hello,

Using samba 3.0.23c on Debian 3.1 (package version 3.0.23c-1~bpo.1 from sarge-backports) or version 3.0.14a (package version 3.0.14a-3sarge2 from sarge), I experience the following problem on a file server on a Windows 2003 domain with Active Directory.

Some test user can access group shares of groups he is not in, or cannot access group shares of groups he is in. The output of the following 2 commands shows different group IDs:

    wbinfo -r 'DOMAIN\test_user'
    id 'DOMAIN\test_user'

The first command shows a total of 30 GIDs, some of which are correct and some are not. The second command shows 14 groups, all of which seem to be correct (except that using version 3.0.23c from the backports, I get a spurious GID which does not have a group name, but this might be a side issue).

Another test I ran was the command id (without arguments) after "su - 'DOMAIN\test_user'". This also shows 30 groups, as with the first command.

It seems to me that my problem might not be really similar to the problem(s) described in those 2 messages:

    http://lists.samba.org/archive/samba/2006-September/125643.html
    http://lists.samba.org/archive/samba/2006-October/126101.html

Indeed, in those messages, there is only one group listed by the second command. I also have this kind of result with a certain smb.conf configuration (I think it is the case when I comment out the variable "winbind enum groups").

Here are some parts of my smb.conf file:

    winbind cache time = 300
    security = ads
    domain master = no
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    template shell = /bin/bash
    client use spnego = yes
    client ntlmv2 auth = yes
    winbind use default domain = no
    winbind trusted domains only = no
    restrict anonymous = 2
    winbind nested groups = yes
    auth methods = winbind
    winbind enum users = yes
    winbind enum groups = yes

Also, when I tried samba version 3.0.23c, I also had this line:

    idmap backend = ad

My /etc/nsswitch.conf file contains those lines, among others:

    passwd: compat winbind
    group: compat winbind
    shadow: compat

Does anyone have an idea about the cause of this problem?

Regards,
Francois.
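One way to pin down exactly which GIDs differ between the two commands in the message above, as an added example that is not part of the original post. The function names are hypothetical and the sample outputs are constructed; it assumes `wbinfo -r` prints one GID per line and `id` prints a `groups=` field of `gid(name)` entries.

```python
import re

# Constructed sample data (not from the original post), shaped like the output
# of `wbinfo -r 'DOMAIN\test_user'` and `id 'DOMAIN\test_user'`.
SAMPLE_WBINFO = """\
10001
10005
10017
10023
10042
"""
SAMPLE_ID = (r"uid=10000(DOMAIN\test_user) gid=10001(DOMAIN\domain users) "
             r"groups=10001(DOMAIN\domain users),10005(DOMAIN\grp_a),"
             r"10017(DOMAIN\grp_b),10099")

# One entry of the groups= list: a GID, optionally followed by "(name)".
_ENTRY = re.compile(r"(?:^|,)(\d+)(?:\(([^)]*)\))?")


def parse_wbinfo_gids(text):
    """Return the set of GIDs from wbinfo -r output (one integer per line)."""
    return {int(tok) for tok in text.split() if tok.isdigit()}


def parse_id_groups(text):
    """Return {gid: name or None} from the groups= field of id output."""
    match = re.search(r"groups=(\S.*)$", text.strip())
    if not match:
        return {}
    return {int(gid): (name or None)
            for gid, name in _ENTRY.findall(match.group(1))}


def compare(wbinfo_text, id_text):
    """Report GIDs seen by only one command, and GIDs id could not name."""
    winbind = parse_wbinfo_gids(wbinfo_text)
    nss = parse_id_groups(id_text)
    return {
        "only_in_wbinfo": sorted(winbind - set(nss)),
        "only_in_id": sorted(set(nss) - winbind),
        "unnamed_in_id": sorted(g for g, n in nss.items() if n is None),
    }


if __name__ == "__main__":
    for label, gids in compare(SAMPLE_WBINFO, SAMPLE_ID).items():
        print(f"{label}: {gids}")
```

GIDs listed under `only_in_wbinfo` or `only_in_id` are the ones to check against the share's access rules, since they are the memberships on which the two lookups disagree.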