Hello,

I upgraded from Samba 3.0.2 to 3.0.4 on my Redhat Enterprise system and am
now seeing something very strange with POSIX ACLıs. We have several shared
directories setup with per-directory group permissions (In other words each
directory has its own group in active directory). This way if we want to
give a user access to a directory we just add them to the group. After
upgrading too 3.0.4 all of a sudden additions to a group were not working.

So if I edit UserA in active directory and add them to the group
Company-Finance-Folder the user should now be able to access the folder on
the file server but now for some reason the user is getting an access
denied.

Getfacl shows that the group has permissions to the folder.
Wbinfo *u/-g works
³getent group² shows the user has been added to the group

But the user is still getting an access denied. The funny thing is that all
other users with this exact same group are able to access this folder
properly (But these users were added before the upgrade).

Does anyone know why this is?

Second issue ----------------------------------

Normally a Mac client can select Go->Connect to Server in the finder,
connect to the server and then they will get a list of 2 shares. Now one of
these shares is not showing up (The Company_Share) but the client can still
connect to the share if they add the share to the end of the server address
field.

In other words instead of selecting Go->Connect to Server connecting to
smb://server.domain.net then selecting one of the shares from the drop down
list the user now has to connect to smb://server.domain.net/Comany_Share
(Typing in Company_Share manually). Does anyone know why this happened?

Config -------------------------------------

[global]
log level = 0
log file = /var/log/samba/%m.log
realm = domain.net
workgroup = DOMAIN
security = ADS
encrypt passwords = yes
password server = dc0.domain.net dc1.domain.net
server string = AMI File Server
socket options = TCP_NODELAY SO_KEEPALIVE
kernel oplocks = yes
oplocks = yes
veto oplock files =
/*.doc/*.DOC/*.xls/*.XLS/*.ppt/*.PPT/*.pst/*.PST/*.mdb/*.MDB/*.ldb/*.LDB/*.v
sd/*.VSD/*.mpp/*.MPP/*.qbw/*.QBW/*.qbb/*.QBB/*.qbI/*.qbl/*.dxf/*.DXF/*.dwg/*
..DWG/*.cdr/*.CDR/*.bak/*.BAK/*.ord/*.xlo/*.igs/*.ipt/*.ipj/*.slp/*.stp/*.opt
/*.xli/*.stl/*.cur/*.sjb/*.log/*.LOG/*.sbs/*.iam/*.idv/*.pcbdoc/*.PcbDoc/*.P
CBDOC/
interfaces = eth0*,lo
bind interfaces only = yes
#host msdfs = yes
# strict locking
# strict sync
# separate domain and username with +, like DOMAIN+username
winbind separator = +
# use uids from 11000 to 19000 for domain users
idmap uid = 11000-19000
# use gids from 11000 to 19000 for domain groups
idmap gid = 11000-19000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
# give winbind users a real shell (only needed if they have telnet access)
template homedir = /mnt/share/Company_Share/Users/%U
template shell = /bin/bash

[Company_Share]
comment = Company Corporate
path = /mnt/share/Company_Share
create mask = 0770
directory mask = 0770
public = yes
writable = yes

[Projects]
comment = Company Projects
path = /mnt/share/Projects
create mask = 0770
directory mask = 0770
public = yes
writable = yes