The group list problem you describe is identical to mine of a week ago.
Seems to be related to schema and the ability of ldap to do substring
searches against the sambaSID attribute.
I made the problem go away by using a the latest samba,
samba(3).schema, and changing sambaSID indexing in slapd.conf from eq,
to eq,pres,sub, and slapindexing my ldap data.
Now I've got some different problems where machine domain membership
seems to be flakey, and I have to track that down, so I'm not
recommending my fix yet.
On Thu, Feb 5, 2009 at 3:17 AM, Christian Huldt <christian@solvare.se>
wrote:> I have a problem with one samba 3.0.24 pdc using ldap with nss etc,
> sharing works fine, but ownership and the security tab seems crippled,
> and usrmgr.exe complains about "the specified local group does not
> exist" (of course without saying which group) so I dived in to check
>
> I found filters like this one below in the ldap log - is that to support
> nested groups? There are no groups with any sambaSIDList attribute - or,
> there was no groups with any sambaSIDList attribute until I found that I
> could not get ownership until I added the SID of the admin account I was
> using as a sambaSIDList attribute to the admin group, memberuid did not
> suffice.
>
> I tend to believe that something is seriously skew with this
> installation as all tools seems to add group members as memberuid, not
> as sambaSIDlists, but I am grateful for any word to or against this is.
>
> I was told the was some "strangeness" happening while vampiring
the
> domain, but they managed to work around that...
>
>
(&(|(objectClass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=s-1-5-21-1623357179-225914852-925700815-501)(sambaSIDList=s-1-1-0)(sambaSIDList=s-1-5-2)(sambaSIDList=s-1-5-32-546)))
>
> --
> mvh
> Christian Huldt
> 0704612207
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>