Ubuntu 14.04 Samba Write List Permission Only Works With Primary Group After Upgrade From 12.04 – Secondary Groups Not Working

Issues:
For example. User “user1”, has a primary group of “main-users”, and secondary group of “managers”. When “user1” tries to access a Samba folder(s) with “write list = @main-users” (their primary group) the permissions are applied properly and access granted, but when “user1” tries to access a Samba folder with “write list = @managers” (their secondary group) the folder(s) can not be accessed.

Solution:
01. You need to delete and then recreate the group(s) in Samba. This does not delete any group(s) from OpenLDAP or Linux permissions, only Samba.

I found the easy way to do this was through webmin ( https://localhost:10000/ ).
Servers->Samba Windows File Sharing->Samba Users-Samba Groups

02. After making the necessary changes on the server side, have the user(s) reboot their systems in order for the changes to take effect.

Cause:
I believe the issue is caused due to a possible de-linking of the OpenLDAP/Linux SIDs in Samba; recreating the groups in Samba re-links them to the correct domain group.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s