If a user is in a total of 16 groups, Samba 3.0.2a does not report it correctly. This prevents opening directories if the permissions on the directory are 770 even if the user is a member of the group owning the directory. If the user is removed from one of the groups, (not the one owning the directory), they can then open the directory and all is right with the world. A piece of output from a -d 10 shows that samba is reporting the primary group twice hance it's reporting 17 groups to the OS instead of 16: [2004/04/22 07:44:15, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 15982 Primary group is 3018 and contains 17 supplementary groups Group[ 0]: 3018 Group[ 1]: 3018 Group[ 2]: 4092 Group[ 3]: 1501 Group[ 4]: 6036 Group[ 5]: 1606 Group[ 6]: 1603 Group[ 7]: 1665 Group[ 8]: 1605 Group[ 9]: 5001 Group[ 10]: 1600 Group[ 11]: 7044 Group[ 12]: 1602 Group[ 13]: 1604 Group[ 14]: 2001 Group[ 15]: 7001 Group[ 16]: 5300 If I remove the user from one group, the reporting only shows 16 groups instead of 17. Samba still reports the primary group twice however: [2004/04/22 08:57:21, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 15982 Primary group is 3018 and contains 16 supplementary groups Group[ 0]: 3018 Group[ 1]: 3018 Group[ 2]: 4092 Group[ 3]: 1501 Group[ 4]: 6036 Group[ 5]: 1606 Group[ 6]: 1603 Group[ 7]: 1665 Group[ 8]: 1605 Group[ 9]: 1600 Group[ 10]: 7044 Group[ 11]: 1602 Group[ 12]: 1604 Group[ 13]: 2001 Group[ 14]: 7001 Group[ 15]: 5300 The user can now get into those directories he couldn't before.
already fixed in 3.0.3rc1
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.
database cleanup