Hi, I'm running Ubuntu 12.04 server with Samba4 set up as a Domain Controller, following the OpenChange Cookbook. Everything works, except for file shares not using the user's group. All users viewed via smbstatus -v show group 'users' no matter what AD group they are in. I've also set up the box to use LDAP authentication using nslcd via nsswitch.conf and using Kerberos, but no matter what, smbstatus shows group 'users' (gid=100) for all users.

Here's my smb.conf:

Code:
    cat /usr/local/samba/etc/smb.conf
    # Global parameters
    [global]
        ### Configuration required by OpenChange server ###
        dcerpc endpoint servers = +epmapper, +mapiproxy
        dcerpc_mapiproxy:server = true
        dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp, exchange_ds_rfr
        ### Configuration required by OpenChange server ###
        workgroup = SFPI-TEST
        realm = SFPI-TEST.local
        netbios name = OPENCHANGEDEV
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
    [netlogon]
        path = /usr/local/samba/var/locks/sysvol/sfpi-test.local/scripts
        read only = No
    [sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No
    [Homes]
        path = /var/openchange/users/%U
        read only = no
    [IT]
        path = /var/openchange/IT
        preserve case = yes
        browseable = yes
        read only = no
        hide special files = yes
        valid users = DanteBell,KateL
    [Profiles]
        path = /var/openchange/Profiles
        read only = no

Connection using smbclient:

Code:
    smbclient -d3 -U DanteBell%PASSWORD -W SFPI-TEST //192.168.4.110/IT
    lp_load_ex: refreshing parameters
    Initialising global parameters
    rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
    params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
    Processing section "[global]"
    added interface eth0 ip=fe80::de0e:a1ff:fe93:7b12%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
    added interface eth0 ip=192.168.4.222 bcast=192.168.7.255 netmask=255.255.252.0
    Client started (version 3.6.3).
    Connecting to 192.168.4.110 at port 445
    Doing spnego session setup (blob length=112)
    got OID=1.2.840.48018.1.2.2
    got OID=1.2.840.113554.1.2.2
    got OID=1.3.6.1.4.1.311.2.2.10
    got principal=not_defined_in_RFC4178@please_ignore
    Got challenge flags:
    Got NTLMSSP neg_flags=0x60898215
    NTLMSSP: Set final flags:
    Got NTLMSSP neg_flags=0x60088215
    NTLMSSP Sign/Seal - Initialising with flags:
    Got NTLMSSP neg_flags=0x60088215
    Domain=[SFPI-TEST] OS=[Unix] Server=[Samba 4.1.0]
    smb: \> dir
      .                                   D        0  Thu Jan 23 13:46:42 2014
      ..                                  D        0  Fri Jan 31 11:40:15 2014
      3C16685_User_Guide.pdf              A  1803778  Thu Aug 25 13:28:01 2011
            46802 blocks of size 1048576. 44365 blocks available
    Total bytes listed: 1803778
    smb: \> getfacl 3C16685_User_Guide.pdf
    # file: \3C16685_User_Guide.pdf
    # owner: 3000000
    # group: 3000017
    user::rwx
    group::r-x
    group:100:r-x
    group:3000000:rwx
    mask::rwx
    other::r-x
    smb: \> mkdir test
    smb: \> cd test
    dos_clean_name [\test\]
    unix_clean_name [\test\]
    smb: \test\> mput *.txt
    Put file 20130517-catalyst-3560-show-run-working.txt? y

smbstatus while connected above:

Code:
    /usr/local/samba/bin/smbstatus -v
    using configfile = /usr/local/samba/etc/smb.conf
    Samba version 4.1.0
    PID     Username      Group         Machine
    -------------------------------------------------------------------
    6768    DanteBell     users         192.168.4.222 (ipv4:192.168.4.222:39713)
    Opened /usr/local/samba/var/lock/connections.tdb
    Service      pid     machine         Connected at
    -------------------------------------------------------
    IT           6768    192.168.4.222   Mon Feb  3 14:30:21 2014
    No locked files

samba-tool listmembers of group "Unix Administrators":

Code:
    PYTHONPATH=$PYTHONPATH /usr/local/samba/bin/samba-tool group listmembers "Unix Administrators"
    KateL
    DanteBell
    $64144BC-BE25C09EDAD68F17

/etc/nsswitch.conf:

Code:
    # /etc/nsswitch.conf
    #
    # Example configuration of GNU Name Service Switch functionality.
    # If you have the `glibc-doc-reference' and `info' packages installed, try:
    # `info libc "Name Service Switch"' for information about this file.
    passwd:         compat ldap
    group:          compat ldap
    shadow:         compat ldap
    hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4 ldap
    networks:       files
    protocols:      db files
    services:       db files
    ethers:         db files
    rpc:            db files
    netgroup:       nis

I can dump the LDAP/LDB and that looks fine, too, but I won't put that here since it's too big. Here's the command I utilized:

Code:
    LDB_MODULES_PATH="/usr/local/samba/lib/ldb" /usr/local/samba/bin/ldbsearch -H ldap://openchangedev:389 -k yes -b dc=sfpi-test,dc=local cn='DanteBell'

Not sure what else to check. I've also verified using wbinfo sid-to-group, etc., and that all looks OK.