[Samba] wbinfo -G $GID fails

[Michael Gasch]

hi

i'm out of knowledge

[System]

- Samba 3.0 Final
- Suse 8.2
- IDMAP Backend = LDAP (Openldap 2.1)

everything works fine

- getent password/group shows all groups from ldap
- in a test machine (XP) all SID's are correctly mapped to users, so i 
can see DOMAIN\User instead of S-1-5-4-xxxxx-xxxxx-xxx-RID
- logons and so on are working
- granting access to files on XP in tab "security" works with ACL with 
one exception:

I can't grant access on files for _groups_  (users no problem) !!!!
if i press "admit" or "ok" to store the new permissions everything is 
reseted

in the logs i see, that samba is searching for the correct SID 
(S-1-4-21-xxx-xxx-xxx-512 -> DomAdmins) _AND_ for the attribute 
sambaSamAccount

of course, for a groupsid, which is mapped to a unix-group (groupmap) 
there's no entry with this search criteria !!!

so samba can't find an entry in LDAP and fails

who uses LDAP and groupmapping and can tell me, how to solve this 
problem, that i just can grant file-access on ACL-User-Base ???

btw: wbinfo -u $UID correctly maps $UID to $SID, but wbinfo -G $GID 
returns "did not succeed" ? but net groupmap list shows the correct 
groupmapping?

thx
micha

-- 


          "Matrix - more than a vision"

**************************************************
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Deutscher Platz 6
04103 Leipzig

Germany
**************************************************