Bug 12719 - Some Users cannot access directories
Summary: Some Users cannot access directories
Status: RESOLVED INVALID
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.4.3
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-03-24 15:18 UTC by Torsten
Modified: 2018-02-13 23:00 UTC (History)
0 users

See Also:

Attachments
level 10 log (78.79 KB, application/x-compressed)
2017-03-24 15:18 UTC, Torsten 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Torsten 2017-03-24 15:18:19 UTC 
Created attachment 13103 [details]
level 10 log

Hello,

I am using Samba as a member-server for a Windows AD. Group membership is managed on AD-Servers. On linux the SSSd is running so one can use the groups there. Linux is Redhat 7 linux with latest updates.

We have got several folders where only user and group has access, so permissions are 770 in Linux. And some users cannot access such folders using samba, but using Linux (ssh shell) all is working fine.

After experimenting quite a bit we found different behaviour of different versions. Not working is 4.4.3, 4.5.0 and 4.5.9. Working is 4.4.4 and 4.4.9, which I am currently using. There is also no difference if I use a windows-client or just the smbclient command on Linux.

I have made a level 10 debug-log using version 4.4.3 Once the server started I just connected, cd into a folder and run dir This the gave nt_status_access_denied 

I still have my testing environment, so if needed I can either provide more information or run a regression test...

Thanks,
Torsten.
Comment 1 Björn Jacke 2018-02-13 23:00:27 UTC 
you need to use winbind and a valid idmap configuration. please consult the wiki for that and the mailing list if you can't get it right with the information of the wiki.