[SCM] Samba Shared Repository - branch v3-2-test updated -
release-3-2-0pre2-3016-ga2c3131
simo
idra at samba.org
Mon Sep 15 13:02:44 GMT 2008
On Mon, 2008-09-15 at 14:26 +0200, Karolin Seeger wrote:
> Simo,
>
> On Fri, Sep 12, 2008 at 01:10:02PM +0000, simo wrote:
> > I think you have to change 'winbind expand groups'.
> > By default it is set to 1 (therefore no nesting), I had it set to
> > something like 32 IIRC.
>
> You are right, setting 'winbind expand groups = 32' fixes the issue.
>
> What I noticed today:
> Without your patch, listing nested group memberships works with 'security
> = domain', but not with 'security = ads'. Your patch fixes this issue.
Yes, the problem, afaik, happened only with security = ADS
> The strange gid changes cannot be reproduced reliably. I saw it again
> today, but couldn't reproduce after that. I didn't see this without your
> patch, but that might have been pure chance.
My patch doesn't really touch any group/id mapping code, so I am quite
sure it is unrelated.
> Additionally, I noticed another issue. 'net groupmap list' showed a
> strange group mapping entry:
>
> -----8<------------------snip--------------8<--------------
> bando:/usr/local/samba # ./bin/net groupmap list
> Administrators (S-1-5-32-544) -> domänen-benutzer
> Users (S-1-5-32-545) -> hilfedienstgruppe
> ----->8------------------snap-------------->8--------------
>
> After removing the group_mapping.ldb, I couldn't reproduce that either...
I think the gid mapping problem may have been a consequence of some
dirty caches being around. Have you changed your server configuration
wrt idmap w/o removing group_mapping.ldb and/or the idmap caches/mapping
files ?
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <simo at redhat.com>
More information about the samba-technical
mailing list