We are having what appears to be two main issues in our attempt to set up Samba 3.0.0 compiled from src on Solaris 8. We are using Samba to provide Unix shares on W2K clients, and to authenticate against a W2K Active Directory server. OpenLDAP is used on the Samba side for the UID/GID to SID mappings.

The first issue deals with the file sharing. Even if a file gives full permission to one of a user's secondary groups, that user cannot access the file. The user can only access the file (or directory) if the file's group is the user's primary group. I've found several references on the web and in https://bugzilla.samba.org, which seem to indicate that the bug is fixed. However, we also tried this with 3.0.1rc2 and have the same problem, which makes us think it is a configuration error or something we haven't found related to nsswitch.

The second issue deals with groupmap. Again, searches haven't turned up anything fruitful. When we execute commands similar to the following:

    groupadd elves
    net groupmap add ntuser=LOTR+fairfolk username=elves

We always get the following error:

    No rid or sid specified, choosing algorithmic mapping
    adding entry for group LOTR+fairfolk failed!

Output from the above groupmap command with debug level of 3 gives:
----
param/loadparm.c:lp_load(3917)
  lp_load: refreshing parameters
param/loadparm.c:init_globals(1303)
  Initialising global parameters
param/params.c:pm_process(566)
  params.c:pm_process() - Processing configuration file "/h/SMBSVR/cfg/smb.conf"
param/loadparm.c:do_section(3420)
  Processing section "[global]"
lib/interface.c:add_interface(79)
  added interface ip=172.31.4.133 bcast=172.31.4.143 nmask=255.255.255.240
passdb/pdb_ldap.c:ldapsam_search_one_group(1597)
  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))]
lib/smbldap.c:smbldap_open_connection(623)
  smbldap_open_connection: connection opened
lib/smbldap.c:smbldap_connect_system(785)
  ldap_connect_system: succesful connection to the LDAP server
passdb/pdb_ldap.c:ldapsam_search_one_group(1597)
  ldapsam_search_one_group: searching for:[(&(objectClass=posixGroup)(gidNumber=4294967295))]
passdb/pdb_ldap.c:ldapsam_search_one_group(1597)
  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))]
<< the above 4 lines repeat 10 more times >>
passdb/pdb_ldap.c:ldapsam_search_one_group(1597)
  ldapsam_search_one_group: searching for:[(&(objectClass=posixGroup)(gidNumber=4294967295))]
passdb/pdb_ldap.c:ldapsam_search_one_group(1597)
  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=201))]
passdb/pdb_ldap.c:ldapsam_search_one_group(1597)
  ldapsam_search_one_group: searching for:[(&(objectClass=posixGroup)(gidNumber=201))]
utils/net.c:main(758)
  return code = -1
No rid or sid specified, choosing algorithmic mapping
adding entry for group LOTR+fairfolk failed!
----

Other tidbits:
----
Using the previous example, "getent group LOTR+fairfolk" returns a group id of 11959.
"getent group elves" returns a group id of 201.
"/usr/bin/id -a LOTR+sampleuser" gives correct user and full group list.
"getent passwd LOTR+sampleuser" and "getent group | grep sampleuser" give user info and all groups.
/etc/group contains the elves group with a group id of 201.
"net groupmap list" returns nothing (debug > 2 shows "ldapsam_setsampwent: 0 entries in the base!").
----

Samba compilation performed using the flags:

    --with-ads --with-ldap --with-included-popt --with-winbind --with-winbind-auth-challenge --with-pam --with-ldapsam --with-acl-support

----
smb.conf Contains:

ldap admin dn = "cn=smbldapuser,ou=user,dc=lan,dc=subd,dc=dom,dc=com"
ldap server = globalsvr.lan.subd.dom.com
ldap port = 8001
ldap suffix = "ou=idmap,dc=lan,dc=subd,dc=dom,dc=com"
ldap ssl = no
ldap filter = "(&(uid=%u) (objectclass=sambaAccount))"
winbind separator = +
idmap backend = ldap:ldap://globalsvr.lan.subd.dom.com:8001
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /USERS/global/%U
template shell = /bin/ksh
workgroup = LOTR
server string = smbdev
security = ads
encrypt passwords = yes
password server = activedsvr.lan.subd.dom.com
client use spnego = yes
log file = /SMBSVR/var/log.%m
max log size = 5000
realm = LOTR.REF.DOMAIN.COM
socket options = TCP_NODELAY
socket options = TCP_NODELAY
local master = no
dns proxy = yes
inherit permissions = no
create mask = 0774
force create mode = 0000
security mask = 0774
force security mode = 0000
directory mask = 0775
force directory mode = 0000
directory security mask = 0775
force directory security mode = 0000

[homes]
comment = Home Directories
path = /users/%S
browseable = no
writable = yes
only user = yes

[global_data]
comment = Global Data share
browseable = yes
path = /globaldata
read only = no
public = yes

----
ldap.conf contains

host activedsvr.lan.subd.dom.com
base dc=lan,dc=subd,dc=dom,dc=com
scope sub
nss base passwd dc=lan,dc=subd,dc=dom,dc=com?sub
nss base shadow dc=lan,dc=subd,dc=dom,dc=com?sub
nss group dc=lan,dc=subd,dc=dom,dc=com?sub

Pre-Thanks for whatever help or suggestions you can give,
john