Hello, I've been trying to get samba set up to authenticate users off a W2003/ADS system and it appears to be working for the most part. However, there is one issue plaguing me and I'm not sure how serious it is.
In brief, the Windows SID => Unix GID mapping is failing in odd ways. After getting things set up, the following work: * wbinfo -g (lists all domain groups, ie DOMAIN+user) * getent group (lists Unix and Windows groups with GIDs and members) * wbinfo -r DOMAIN+user (lists GIDs of groups of which the user is a member) * id DOMAIN+user (returns GIDs, but not group names) The following do *not* work: * wbinfo -Y "`wbinfo -n DOMAIN+user`" (get "Could not convert sid xyz to gid") * anything like "ls -l /some/dir" will list only numerical gids and a message appears in log.winbind along the lines of "name 'blah' is not a local or domain group: 1" UID lookups appear to be working fine. For example the following analogue works: wbinfo -S "`wbinfo -n DOMAIN+user`" The domain usernames show up in ls -l outputs and "id DOMAIN+user" returns both the UID and username as expected. Can anyone suggest why the errors are occurring and why the group names aren't being mapped properly in all cases? I've seen some issues mentioned on the mailing list and in bugzilla concerning gid mapping but they were slightly different - is this a known bug or "fixed in CVS" issue? Specs: RedHat 9.0 (fresh install) + samba-3.0.0beta1-1 (install via RPM from samba.org). The output of testparm looks like this: Load smb config files from /etc/samba/smb.conf Processing section "[homes]" Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions # Global parameters [global] workgroup = DOMAIN realm = SOMEREALM.UCLA.EDU ADS server = nnn.nnn.nnn.nnn server string = myhostname security = ADS password server = nnn.nnn.nnn.nnn log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No wins server = nnn.nnn.nnn.nnn idmap uid = 1000-9999 idmap gid = 1000-9999 winbind uid = 1000-9999 winbind gid = 1000-9999 winbind separator = + hosts allow = nnn.nnn.nnn., 127.0.0.1 [homes] comment = Home Directories path = /home/win/%S read only = No browseable = No Thanks, Harry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba