I've got Samba 4 on an Ubuntu server (Samba 4.1.17). The Linux system users are available from the Samba DC via sssd (ldap module) and are working OK. I can log in via ssh, and create and access directories based on my user ID and group ID.
The problem is that when I access directories via Samba, the Linux group permissions are not working. I can access files readable by everyone, but not files from my group.
I tried creating a new file, and when I check its permissions from Linux the username is the right one, but the group is some random number (3000007). So apparently Samba can map my Samba user to the "local" Linux one, but has trouble mapping my primary and other groups.
Relevant parts from smb.conf:
[global]
...
server role = active directory domain controller
winbind nss info = rfc2307
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = Yes
map untrusted to domain = yes
...
[shared]
path = /home/shared
browseable = yes
writable = yes
follow symlinks = yes
create mode = 0660
force directory mode = 770
force create mode = 770
Any ideas?
I'm writing here in case anyone else has similar problems. I tried clearing up the cache, but it didn't help. I ended up upgrading Samba to 4.3 and my problems are gone. Apparently the user->uid mapping is improved or something else has been fixed.
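Files written through the share while the group mapping was wrong keep the numeric group they were created with, so they stay outside the intended group permissions even after an upgrade. The following is an added example, not part of the original posts: it walks a share path and lists entries whose GID does not resolve to a group name through NSS. The default path `/home/shared` is taken from the smb.conf above; the function name and its `resolve` parameter are illustrative.

```python
import grp
import os
import sys
from collections import defaultdict


def find_unmapped_groups(root, resolve=grp.getgrgid):
    """Return {gid: [paths]} for entries under root whose GID has no group name.

    `resolve` is a hypothetical hook (defaults to the NSS lookup grp.getgrgid);
    it must raise KeyError for a GID that cannot be mapped to a group.
    """
    unmapped = defaultdict(list)
    known = {}  # gid -> bool cache, avoids repeated NSS lookups
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                gid = os.lstat(path).st_gid  # lstat: do not follow symlinks
            except OSError:
                continue  # entry vanished or is unreadable
            if gid not in known:
                try:
                    resolve(gid)
                    known[gid] = True
                except KeyError:
                    known[gid] = False
            if not known[gid]:
                unmapped[gid].append(path)
    return dict(unmapped)


if __name__ == "__main__":
    # Share path from the [shared] section above, unless one is given.
    root = sys.argv[1] if len(sys.argv) > 1 else "/home/shared"
    for gid, paths in sorted(find_unmapped_groups(root).items()):
        print(f"gid {gid}: {len(paths)} entries, e.g. {paths[0]}")
```

Entries it reports can then be reassigned to the intended group with `chgrp` once the mapping is working.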