I have configured a Samba PDC with an OpenLDAP backend. I recently upgraded Samba from 3.0.10-1.4E.9 to 3.0.23c and have run into a problem with groups. Specifically, the machines I have joined to the domain are not able to retrieve group information. Please note that "net rpc user" works as expected on both smbd versions.

Version Information:
OpenLDAP 2.3.27
Samba version 3.0.10-1.4E.9
OS: CentOS release 4.4

I join the domain from a FreeBSD box, and then run a net rpc groups, it is able to pull group information, and display.

I then switch to the new binaries. Restart slapd and smbd. I run a net rpc group and no information is returned. Again net rpc user works as expected. I also make sure to flush the system and add users so that it is not just retrieving cached information.

Please also note this is a test Samba PDC, and is meant to be a proof of concept / testing machine.

Thanks
Alex

Below is my smb.conf file:

[global]
workgroup = ESCPDC
netbios name = ESC-17
server string = SambaPDC
printcap name = /etc/printcap
load printers = yes
log level = 10
log file = /var/log/samba/%m.log
max log size = 50
security = user
#include = /etc/samba/smb.conf.%m
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = yes
os level = 65
domain master = yes
preferred master = yes
domain logons = yes
logon script = %U.bat
logon path = \\%L\profiles\%U
logon drive = Z:
#hlogon path
name resolve order = wins lmhosts host bcast
wins support = yes
dns proxy = no
passdb backend = ldapsam:ldap://localhost
ldap suffix = dc=escldap,dc=com
ldap suffix = dc=escldap,dc=com
ldap admin dn = cn=root,dc=escldap,dc=com
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=People
ldap passwd sync = yes
admin users = root Administrator
null passwords = yes
add user script = /usr/local/sbin/smbldap-useradd.pl -m "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
idmap uid = 100000-200000
idmap gid = 100000-200000
template shell = /bin/false
winbind use default domain = no
time server = yes

[homes]
comment = Home Directories
browseable = no
writable = yes

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes

Volker Lendecke
2006-Oct-16 03:43 UTC
[Samba] Problem with Samba PDC LDAP backend and groups
On Thu, Oct 12, 2006 at 01:04:51PM -0700, Alex Long wrote:
> I join the domain from a FreeBSD box, and then run a net rpc groups, it
> is able to pull group information, and display.
>
> I then switch to the new binaries. Restart slapd and smbd. I run a net
> rpc group and no information is returned. Again net rpc user works as
> expected. I also make sure to flush the system and add users so that it
> is not just retrieving cached information.

Do you have group mappings for all the groups?

Volker