<div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:9pt" ><div dir="ltr" ><div>The first guess here would be missing id mappings. The id mapping for<br>the user and the user's primary group is a hard requirement, without<br>them the user cannot even logon to the SMB server. Missing id mappings<br>for secondary groups are simply ignored.</div>
<div> </div>
<div>A few things to check would be:</div>
<div> </div>
<div>How are authentication and id mapping configured (mmuserauth)?</div>
<div>Which groups are affected? Is it possible to manually query id mappings for these?</div>
<div>If that does not point to the problem, i would suggest to recreate the<br>access problem while capturing a SMB and a winbind trace (through<br>mmprotocoltrace). Upload these traces together with a snap to a<br>support ticket and we use that as a starting point for debugging.</div></div>
<div dir="ltr" > </div>
<div dir="ltr" >Regards,</div>
<div dir="ltr" ><div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10.5pt" ><div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10.5pt" ><div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10.5pt" ><div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10.5pt" ><div class="socmaildefaultfont" dir="ltr" style="font-family:Arial;font-size:10.5pt" ><div dir="ltr" ><font size="2" face="Verdana,Arial,Helvetica,sans-serif" ><font size="2" face="Verdana,Arial,Helvetica,sans-serif" ><span style="font-size:0.857em;" > </span></font></font></div>
<div dir="ltr" ><font size="2" face="Verdana,Arial,Helvetica,sans-serif" ><font size="2" face="Verdana,Arial,Helvetica,sans-serif" ><span style="font-size:0.857em;" ><span style="font-family: Verdana,Geneva,sans-serif;" >Christof Schmitt || IBM || Spectrum Scale Development || Tucson, AZ<br>christof.schmitt@us.ibm.com || +1-520-799-2469 (T/L: 321-2469)</span></span></font></font></div></div></div></div></div></div></div>
<div dir="ltr" > </div>
<div dir="ltr" > </div>
<blockquote data-history-content-modified="1" dir="ltr" style="border-left:solid #aaaaaa 2px; margin-left:5px; padding-left:5px; direction:ltr; margin-right:0px" >----- Original message -----<br>From: David Johnson <david_johnson@brown.edu><br>Sent by: gpfsug-discuss-bounces@spectrumscale.org<br>To: gpfsug main discussion list <gpfsug-discuss@spectrumscale.org><br>Cc:<br>Subject: [EXTERNAL] [gpfsug-discuss] CIFS protocol access does not honor secondary groups<br>Date: Wed, Oct 2, 2019 10:02 AM<br>
<div><font size="2" face="Default Monospace,Courier New,Courier,monospace" >After converting from clustered CIFS to CES protocols, we’ve noticed that SMB<br>users can’t access files owned by groups that they are members of, unless that<br>group happens to be their primary group. Have read the smb.conf man page,<br>and don’t see anything obvious that would control this… What might we be missing?<br><br>Thanks,<br> — ddj<br>Dave Johnson<br>Brown University CCV/CIS<br>_______________________________________________<br>gpfsug-discuss mailing list<br>gpfsug-discuss at spectrumscale.org<br><a href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss" target="_blank">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</a> </font><br> </div></blockquote>
<div dir="ltr" > </div></div><BR>