samba - Feb 2007 - "gid of user xxx doesn't exist" error repeatedly posted to /var/messages

Hello All,

Samba is posting the following error messages repeatedly during user 
authentication:

Feb 20 09:35:50 SUMSRVR smbd[27950]: [2007/02/20 09:35:50, 0] 
rpc_server/srv_util.c:get_alias_user_groups(206)
Feb 20 09:35:50 SUMSRVR smbd[27950]:   get_alias_user_groups: gid of 
user xxx doesn't exist. Check your /etc/passwd and /etc/group files

It does not appear to be causing any problems, just hitting my log files 
fairly often.

I can cause it to cease by mapping the user's private group to a domain 
group:
	# net groupmap add unixgroup=xxx ntgroup=xxx
However, once a user's private group is mapped to a domain group of the 
same name, any attempts to edit the user in User Manager for Domains 
results in the error message "The following error occurred changing the 
properties of user xxx: The group name could not be found."

I can avoid that error message by mapping all users' private groups to 
domain groups that share a name:
	# net groupmap add unixgroup=xxx ntgroup=privategroup
	# net groupmap add unixgroup=yyy ntgroup=privategroup
	# net groupmap add unixgroup=zzz ntgroup=privategroup
This has the unfortunate side effect of making the "delete group
script"
in smb.conf extremely painful, as I must delete group mappings using the 
sid instead of the group name.

Additionally, I can avoid the error message by mapping users' private 
groups to domain groups with similar names:
	# net groupmap add unixgroup=xxx ntgroup=zxxx
The only side effect of this method appears to be populating the group 
display of User Manager for Domains with useless groups.

Specificatations:
(Red Hat EL 4)  uname -a: 2.6.9-42.0.8.ELsmp #1 SMP Tue Jan 23 13:01:26 
EST 2007 i686 i686 i386 GNU/Linux
(Samba)	        smbd -V: Version 3.0.10-1.4E.11

smb.conf (sanitized)
# Global parameters
[global]
	workgroup = SUMSVR_DOMAIN
	server string = Samba Server for SUMSVR
	interfaces = a.b.c.d
	username map = /etc/samba/smbusers
	private dir = /etc/samba
	passdb backend = tdbsam
	log level = 1
	log file = /var/log/samba/%m.log
	max log size = 50
	socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	deadtime = 15
	logon drive = H:
	logon home = \\%L\%U
	logon path 	logon script = scripts\%U.vbs
	domain logons = Yes
	os level = 60
	preferred master = Yes
	domain master = Yes
	dns proxy = No
	wins support = Yes
	ldap ssl = no
	passwd program = /usr/bin/passwd %u
	smb ports = 139
	strict locking = no
	lock spin time = 15
	lock spin count = 30
	veto oplock files = /*.mdb/*.MDB/*.xls/*.XLS/*eudora*/
	write cache size = 262144
	passwd chat = *new*password* %n\n*new*password* %n\n *changed*
	check password script = /usr/bin/crackcheck -c -d /usr/lib/cracklib_dict

Any ideas?  Any help would be appreciated.

-- 
Best regards,

L. Fred Nuffer
Support Systems Analyst, Senior
Parking and Transportation Services
Email:  fnuffer@email.arizona.edu

Fred Nuffer schrieb:
> Feb 20 09:35:50 SUMSRVR smbd[27950]:   get_alias_user_groups: gid of
> user xxx doesn't exist. Check your /etc/passwd and /etc/group files
Only to make sure i got it right:
You create your users with their own group name, i.e. user fred is
member of the group fred. This group name cannot be found by samba
because samba only knows your domain groups. Is that right?

If so, do you need these "private groups"? I create my users with
primary group "users" which is hinted at by my "Domain
Users" group.
I see the downside of home directories being group accessible, but you
can still do "chmod 700" on a home directory which lets in only the
owner. Samba allows manifold policy settings, share specific or global.

If you can't or won't put your users into a common group, i will try to
find a different solution. Will be tricky - the thinking most of all ;-)


   timbo