Hi all, I'm using Samba 3.2.7 with openldap 2.4.13 and have problems with winbind. If winbindd is started, he needs two minutes, until he is responding to queries. That makes it hard to debug problems. May be winbindd is waiting for WINS answers? The problem, the man page says this: ldap group suffix (G) This parameter specifies the suffix that is used for groups when these are added to the LDAP directory. If this parameter is unset, the value of ldap suffix will be used instead. But this is not true, or I have a mistake in my configuration. The LDAP-Search ist done with scope=2 (sub). 2 Posix Entries are found and resolved to sambaSid correctly. Then the SIDs are searched and this search use the base from "ldap user suffix". The result is, that instead of finding 2 users in 2 different OUs, only 1 user is found. So, is this a bug? Is the man page wrong? The problem is shown here, in the slapd.log. slapd[27069]: conn=484 op=68 SRCH base="dc=schule,dc=xx" scope=2 deref=3 filter="(&(uid=domain administratoren)(objectClass=sambaSamAccount))" slapd[27069]: conn=484 op=68 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber slapd[27069]: conn=484 op=68 SEARCH RESULT tag=101 err=0 nentries=0 textslapd[27069]: conn=484 op=69 SRCH base="o=SCHULE,dc=schule,dc=xx" scope=2 deref=3 filter="(&(objectClass=sambaGroupMapping)(|(displayName=domain administratoren)(cn=domain administratoren)))" slapd[27069]: conn=484 op=69 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass slapd[27069]: conn=484 op=69 SEARCH RESULT tag=101 err=0 nentries=1 textslapd[27069]: conn=484 op=70 SRCH base="ou=SCHUELER,o=SCHULE,dc=schule,dc=xx" scope=2 deref=3 filter="(&(objectClass=sambaSamAccount)(|(sambaSID=s-1-5-21-2462391502-1360153102-2655098952-512)))" slapd[27069]: conn=484 op=70 SRCH attr=uid sambaSid slapd[27069]: conn=484 op=70 SEARCH RESULT tag=101 err=0 nentries=0 textslapd[27069]: conn=484 op=71 SRCH base="o=SCHULE,dc=schule,dc=xx" scope=2 deref=3 filter="(&(objectClass=sambaGroupMapping)(|(sambaSID=s-1-5-21-2462391502-1360153102-2655098952-512)))" slapd[27069]: conn=484 op=71 SRCH attr=cn displayName sambaSid sambaGroupType slapd[27069]: conn=484 op=71 SEARCH RESULT tag=101 err=0 nentries=1 text slapd[27069]: conn=486 op=13 SRCH base="o=SCHULE,dc=schule,dc=xx" scope=2 deref=3 filter="(&(objectClass=posixGroup)(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-2462391502-1360153102-2655098952-512))" slapd[27069]: conn=486 op=13 SRCH attr=memberUid gidNumber slapd[27069]: conn=486 op=13 SEARCH RESULT tag=101 err=0 nentries=1 textslapd[27069]: conn=486 op=14 SRCH base="dc=schule,dc=xx" scope=2 deref=3 filter="(&(objectClass=sambaSamAccount)(|(uid=atom)(uid=auge)))" slapd[27069]: conn=486 op=14 SRCH attr=sambaSID slapd[27069]: conn=486 op=14 SEARCH RESULT tag=101 err=0 nentries=2 textslapd[27069]: conn=486 op=15 SRCH base="dc=schule,dc=xx" scope=2 deref=3 filter="(&(objectClass=sambaSamAccount)(gidNumber=9009))" slapd[27069]: conn=486 op=15 SRCH attr=sambaSID slapd[27069]: conn=486 op=15 SEARCH RESULT tag=101 err=0 nentries=0 textslapd[27069]: conn=486 op=16 SRCH base="ou=SCHUELER,o=SCHULE,dc=schule,dc=xx" scope=2 deref=3 filter="(&(objectClass=sambaSamAccount)(|(sambaSID=s-1-5-21-2462391502-1360153102-2655098952-5000)(sambaSID=s-1-5-21-2462391502-1360153102-2655098952-1004)))" slapd[27069]: conn=486 op=16 SRCH attr=uid sambaSid slapd[27069]: conn=486 op=16 SEARCH RESULT tag=101 err=0 nentries=1 textslapd[27069]: conn=486 op=17 SRCH base="o=SCHULE,dc=schule,dc=xx" scope=2 deref=3 filter="(&(objectClass=sambaGroupMapping)(|(sambaSID=s-1-5-21-2462391502-1360153102-2655098952-5000)(sambaSID=s-1-5-21-2462391502-1360153102-2655098952-1004)))" slapd[27069]: conn=486 op=17 SRCH attr=cn displayName sambaSid sambaGroupType slapd[27069]: conn=486 op=17 SEARCH RESULT tag=101 err=0 nentries=0 text [global] unix charset = LOCALE workgroup = SCHULE netbios name = SERVER-1 server string = %h server interfaces = 192.168.231.48/24, 127.0.0.1/8 bind interfaces only = Yes security = user name resolve order = wins bcast host passdb backend = ldapsam ldapsam:trusted = yes ldapsam:editposix = yes lanman auth = Yes syslog = 0 max log size = 1000 log level = 0 log file = /var/log/samba/log.%m log file = /var/log/samba/log.%U add user script = /usr/sbin/smbldap-useradd -m "%u" delete user script = /usr/sbin/smbldap-userdel "%u" add group script = /usr/sbin/smbldap-groupadd -p -a "%g" delete group script = /usr/sbin/smbldap-groupdel "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" add machine script = /usr/sbin/smbldap-useradd -w "%u" logon script = logon.bat logon drive = L: logon path = \\%L\Profiles\%U logon home = \\%L\%U domain logons = Yes domain master = Yes local master = yes preferred master =yes os level = 254 wins support = Yes ldap admin dn = cn=admin,dc=schule,dc=xx ldap delete dn = Yes ldap machine suffix = ou=ARBEITSSTATIONEN,o=SCHULE ldap passwd sync = Yes ldap suffix = dc=schule,dc=xx ldap user suffix = ou=SCHUELER,o=SCHULE ldap group suffix = o=SCHULE ldap machine suffix = ou=ARBEITSSTATIONEN,o=SCHULE ldap debug level = 160 panic action = /usr/share/samba/panic-action %d idmap domains = ALLE idmap config ALLE:backend = ldap idmap config ALLE:default = yes idmap config ALLE:ldap_base_dn = ou=idmaps,o=SYSTEM,dc=schule,dc=xx idmap config ALLE:ldap_url = ldap://localhost/ winbind nested groups = yes winbind separator = / template shell = /bin/bash template homedir = /home/%g/%U ea support = Yes store dos attributes = Yes -- Gruss Harry Jede