[Samba] Problem with winbind and UNIX file permissions

[martin.alfke at aksl.de]

We have Samba 3.0-6 (compiled from source) running as a Domain Member
on Sun Solaris9. Samba should operate as a file-server only.
The server exports the same directories that should be made available
to windows clients via NFS. Therefor we need UNIX owner and groups on 
the files and directories.

We decided to use winbind so we do not need to map the Windows- to 
UNIX-Users.

Samba was compiled using:

./configure --prefix=/usr/local/samba --with-winbind --disable-cups
--without-ldap --with-acl-support --without-ads --with-included-popt

Samba and winbind are running fine.

wbinfo -u lists all available Domain Users,
wbinfo -g lists all available Domain Groups

getent passwd lists all available Users (UNIX and Windows)
getent group lists all available Groups (UNIX and Windows)

Connections to the Samba-Server are authenticated via Windows PDC
(password server).

So far everything works....

but:

accessing a directory within the share (/export/extern) on with world
has no permissions is not possible.

On the windows client an error message reading Access Denied is shown.

Permission on the directory:

drwxrwx--- u_ext g_ext 1024 /export/extern/newdata

- We tried adding the Windows User to /etc/group:

g_ext:654:u_ext,DOMAIN/user1

no success


- We tried groupmapping via net groupmap add:

net groupmap list | grep g_ext

DOMAIN/g_ext {SID...} : g_ext

no success


It seems to us that winbind and smbd are not looking for groupmapping
or entries in local /etc/group.

Is this correct?

Has anybody encountered same problems?

Any suggestions how we could solve this problem without using local 
usermapping?

Kind regards,

Martin Alfke