Environment
Novell Open Enterprise Server 2 (OES 2) Linux
SUSE Linux Enterprise Server 10 Service Pack 2
SUSE Linux Enterprise Server 10 Service Pack 3
Situation
Due to some changes in winbind user and group names residing in a Windows domain, that have the same name, may not work properly when using certain Samba options such as "force group". For instance, consider the username 'support' and consider the group 'support'. If the admin were to 'getent passwd support' and 'getent group support' then the admin may obtain the following (respectively):
support:x:8767:100::/home/support:/bin/bash
support:!:1000:
support:!:1000:
This in and of itself isn't a problem, however, as winbind looks for the group, it may run into the username first. Once winbind finds a match, it stops looking. This means that if winbind finds the user first, then it will not continue to look for the group. The following error is thrown on the client and can be found in the /var/log/samba/log.smbd file (emphasis added):
[2009/10/08 09:33:41, 10] smbd/service.c:find_forced_group(492)
support is a User, not a group
[2009/10/08 09:33:41, 3] smbd/error.c:error_packet_set(106)
error packet at smbd/reply.c(514) cmd=117 (SMBtconX)NT_STATUS_NO_SUCH_GROUP
Resolution
To force winbind to look for the group, the admin can use the "Unix Group" option. Consider the following share:
[myshare]
path = /some/location
comment = Test Share
browseable = yes
read only = no
force group = "Unix Group\support"