Hello,
I've been trying to get samba set up to authenticate users off a W2003/ADS
system and it appears to be working for the most part. However, there is one
issue plaguing me and I'm not sure how serious it is.
In brief, the Windows SID => Unix GID mapping is failing in odd ways. After
getting things set up, the following work:
* wbinfo -g (lists all domain groups, ie DOMAIN+user)
* getent group (lists Unix and Windows groups with GIDs and members)
* wbinfo -r DOMAIN+user (lists GIDs of groups of which the user is a member)
* id DOMAIN+user (returns GIDs, but not group names)
The following do *not* work:
* wbinfo -Y "`wbinfo -n DOMAIN+user`" (get "Could not convert sid
xyz to gid")
* anything like "ls -l /some/dir" will list only numerical gids and a
message
appears in log.winbind along the lines of "name 'blah' is not a
local or
domain group: 1"
UID lookups appear to be working fine. For example the following analogue
works:
wbinfo -S "`wbinfo -n DOMAIN+user`"
The domain usernames show up in ls -l outputs and "id DOMAIN+user"
returns
both the UID and username as expected.
Can anyone suggest why the errors are occurring and why the group names
aren't
being mapped properly in all cases? I've seen some issues mentioned on the
mailing list and in bugzilla concerning gid mapping but they were slightly
different - is this a known bug or "fixed in CVS" issue?
Specs: RedHat 9.0 (fresh install) + samba-3.0.0beta1-1 (install via RPM from
samba.org).
The output of testparm looks like this:
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = DOMAIN
realm = SOMEREALM.UCLA.EDU
ADS server = nnn.nnn.nnn.nnn
server string = myhostname
security = ADS
password server = nnn.nnn.nnn.nnn
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
wins server = nnn.nnn.nnn.nnn
idmap uid = 1000-9999
idmap gid = 1000-9999
winbind uid = 1000-9999
winbind gid = 1000-9999
winbind separator = +
hosts allow = nnn.nnn.nnn., 127.0.0.1
[homes]
comment = Home Directories
path = /home/win/%S
read only = No
browseable = No
Thanks,
Harry