> If you look at the man page for wbinfo, you will see there is an
> option to allocate uid's and gid's, and to manually set a uid-to-sid
> or gid-to-sid mapping. You may want to manually try creating a
> gid-to-sid mapping for one group and seeing if that group shows up in
> "getent group." It is not really a solution but it may provide some
> additional insight.

While this wasn't the solution exactly, it led me to it. In trying to figure this stuff out, it occurred to me to try and reset the entire idmap and start it over. I did that by renaming the secrets.tdb, winbind_idmap.tdb and group_mapping.ldb files. I also moved the two cache files, idmap_cache.tdb and winbindd_cache.tdb, out of the way. I then restarted smbd/nmbd/winbind, which created all those files again. This totally destroyed group permissions for all user accounts.

From there I tried allocating a new gid and making a new map to it, but like my previous situation, it seemed like it was working, but only in certain directions. By fluke, I discovered that using net sam, I could get all the info about the groups, so I tried `net sam mapunixgroup`, and things started working as expected. So I wiped all the files again, started with a blank group slate, used net sam mapunixgroup to export all my groups, and now wbinfo -g and getent group work. There were some other steps in there (it sounds so much easier than it was), but that is the gist, anyway. The only downside is that user groups are not carried over, but there is no place where I use those groups, so I do not see this as a concern.

However, I am not completely out of the woods yet. I expected that once groups started resolving, permissions on my Ubuntu workstations would also resolve. This has not proved to be the case. On the Ubuntu workstation, I can run getent group and wbinfo -g, and both return the expected domain listing. The groups and id commands return expected results (except I am listed in a group called DOM\none). However, when I list the shares, all permissions list like so:

dom\bob.mil...@test5:~/Departments$ ls -aln
d---rws--- 14 15000 15000 0 2010-12-29 13:22 Finance
d---rws--- 9 15000 15000 0 2011-01-04 23:10 IT
dom\bob.mil...@test5:~/Departments$ i=$(wbinfo -G 15000); wbinfo -s $i
DOM\None 2

What is that 2, anyway? I looked in the manpage and searched Google, but I don't find anything about it...

Seems the function of group permissions is not being passed to the file system. Mayhaps this is a function of pam_mount, or perhaps this is because I do not have the same idmap on both server and workstation.

Either way, thank you very much for helping resolve the wbinfo -g thing, I am at least a step closer than I was :)

Bob Miller
334-7117/660-5315
http://computerisms.ca
b...@computerisms.ca
Network, Internet, Server, and Open Source Solutions