[mailto:tm-samba201...@firstgrade.co.uk]
Sent: 05 September 2013 19:46
To: Burgess, Adam; samba@lists.samba.org
Subject: RE: [Samba] primary GID based access for user in 16 supplementary
groups
Hiya Adam,
We too have had no end of problems with this sort of issue using Samba on
Solaris (11 in our
I think I have answered this in my other mail. There are no mismatches. Our
AD backend is via an integration layer so that a UNIX account is essentially an
AD account anyway and all its attributes and group memberships come from AD.
The name service resolves all correctly and samba does too
...@firstgrade.co.uk]
Sent: 06 September 2013 10:15
To: Burgess, Adam
Cc: samba@lists.samba.org
Subject: RE: [Samba] primary GID based access for user in 16 supplementary
groups
Hiya Adam,
We have not seen any issue with primary group not matching
file/directory
group owner - but I will look out
but just thought I would throw it out there.
-Original Message-
From: Tris Mabbs [mailto:tm-samba201...@firstgrade.co.uk]
Sent: 06 September 2013 13:01
To: Burgess, Adam
Cc: samba@lists.samba.org
Subject: RE: [Samba] primary GID based access for user in 16 supplementary
groups
Hiya
IDAMP cache somehow ends up with an unmapped SID2UID entry (i.e value = -1) and
the SID2GID entry expires. At this stage winbindd returns unmapped for a
SID-to-UNIX-IDs request. This results in smbd giving incorrect group
memberships and incorrect resource access, until the SID2UID entry
They will likely be different entries with different kvno and encryption type
combinations. Not sure what syntax your klist uses but -e option may give you
the encryption type output for example.
Adam
-Original Message-
From: samba-boun...@lists.samba.org
We observe a difference between a Windows 7 client and Windows 2003/XP client
when accessing directories that should be accessible via the UNIX accounts
primary group GID. Windows client refuses access.
Ignoring for now why the two different client behaviours (either some subtle
difference in