I have this:
GroupA: with User1 as member
GroupB: with User2 as member
ShareA: GroupA write, GroupB read
ShareB: GroupB write, GroupA read
Then I change to this:
GroupA: with User2 as member
GroupB: with User1 as member
and the changes aren't reflected in "reality" until I restart Samba. Thanks.
I forgot, I'm using LDAP as the database backend. Here is the relevant part of my smb.conf file:
[global]
    workgroup = IPLANTEST
    netbios name = PDCIPLANTEST
    server string = IplanTest Samba3 & OpenLDAP PDC Server
    interfaces = eth0, lo
    bind interfaces only = Yes
    passdb backend = ldapsam:ldap://localhost
    enable privileges = yes
    username map = /etc/samba/smbusers
    log level = 3
    syslog = 0
    log file = /var/log/samba/%m.log
    max log size = 1024
    smb ports = 139
    name resolve order = host wins bcast lmhosts
    time server = yes
    printing = cups
    printcap name = CUPS
    show add printer wizard = No
    add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
    delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
    add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
    delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
    add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
    delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
    set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
    add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
    logon script = scripts\logon.bat
    printcap cache time = 3
    # ----| Disabled Roaming profiles |---- #
    logon path =
    logon drive = X:
    logon home =
    domain logons = Yes
    domain master = Yes
    preferred master = Yes
    wins support = Yes
    ldap suffix = dc=iplantest,dc=com,dc=ar
    ldap machine suffix = ou=People
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Idmap
    ldap admin dn = cn=Administrator,dc=iplantest,dc=com,dc=ar
    idmap backend = ldap:ldap://localhost
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    map acl inherit = Yes
Manipulated group membership is reflected in your token after you log off and log on again, correct?
Yes, but not always, but I cannot tell every single user who asks me for access to a share to restart their session.
This is just the way Windows works. If you want groups re-evaluated you must log on again. This is not a bug. Jeremy.
Ok! Thanks for your time.