samba - Aug 2004 - Groups not recognized

I've got an issue with a fresh (and I mean really fresh) 3.0.5 + ldap 
server where doesn't seem to recognize unix group membership.  The 
server was 2.2.8a last night and things were working.  The unix side 
works flawlessly, in other words if I log in as myself I can get where I 
need to, but under samba I get nothing.  Here's some supporting info:

my group membership information:
[fgoserv:bin]# groups pgienger
itserv applied itadmin office projects

permissions on the directory:
[fgoserv:itserv]# ls -alF
total 8
drwxrws---   4 speterso itserv       512 Mar  3 09:03 ./
drwxr-xr-x   8 root     root         512 Jun 25 08:10 ../
drwxrws---   5 speterso projects     512 Jun 22 09:34 projects/
drwxrwsr-t   7 root     itserv       512 Aug  3 16:47 shared/

So from that I can access projects and subdirectories with uid pgienger 
on unix.  On samba 3, not so much.  This did work under 2.2.8a last 
night.  My question then is 'is there anything else I should need to do 
to get the groups to recognize?'  This is one example, there are many 
more people/groups/directories that show this behavior as well.

I'm pretty sure I've seen this posting before on the list but I
couldn't
find any resolutions... so if somebody solved it - shame on you for not 
sharing :-P

Thanks

-- 
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.         
Information Systems Consultant   Fax:    701-281-1322
URL: www.ae-solutions.com        mailto: pgienger@ae-solutions.com

> I've got an issue with a fresh (and I mean really fresh) 3.0.5 + ldap 
> server where doesn't seem to recognize unix group membership.  The 
> server was 2.2.8a last night and things were working.  The unix side 
> works flawlessly, in other words if I log in as myself I can get where 
> I need to, but under samba I get nothing.  Here's some supporting info:
Ok, apparently this is a solaris-vs.-LDAP issue.  I've tested with a 
machine running Solaris 9 12/02 (that I could reboot) and with anything 
higher than 112960-03 you can't see supplimentary groups, but with -03 
you can do everything like you want to, although the id command never 
shows all the groups, but I think that's a solaris-ism.

Here's the rub, I've got a Solaris 9 8/03 box that has to be upgraded, 
but that version is post 112960-03. Does anybody know of a way around 
this??? I'm not completely averse to ripping out sun's nss library, but 
that's a little more work than this cat likes to do.
>
> my group membership information:
> [fgoserv:bin]# groups pgienger
> itserv applied itadmin office projects
>
> permissions on the directory:
> [fgoserv:itserv]# ls -alF
> total 8
> drwxrws---   4 speterso itserv       512 Mar  3 09:03 ./
> drwxr-xr-x   8 root     root         512 Jun 25 08:10 ../
> drwxrws---   5 speterso projects     512 Jun 22 09:34 projects/
> drwxrwsr-t   7 root     itserv       512 Aug  3 16:47 shared/
>
> So from that I can access projects and subdirectories with uid 
> pgienger on unix.  On samba 3, not so much.  This did work under 
> 2.2.8a last night.  My question then is 'is there anything else I 
> should need to do to get the groups to recognize?'  This is one 
> example, there are many more people/groups/directories that show this 
> behavior as well.
>
> I'm pretty sure I've seen this posting before on the list but I 
> couldn't find any resolutions... so if somebody solved it - shame on 
> you for not sharing :-P
>
> Thanks
>
-- 
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.         
Information Systems Consultant   Fax:    701-281-1322
URL: www.ae-solutions.com        mailto: pgienger@ae-solutions.com