[Samba] idmap_rid / roaming profile permissions / NT AUTHORITY\SYSTEM

[Stefanos Karasavvidis]

I'm struggling with roaming profile permissions as I can not "see" the 
NT AUTHORITY\SYSTEM account.

I have:
-samba file server with acl 3.0.14a
-authentication with winbind and idmap_rid against Windows 2003 ADS
-using "default domain" in smb.conf for winbind

The roaming profile directories are on the samba machine under the users 
home directory. As noted on several sites, the profile directory must 
have the following permissions:
owner full control (this is ok)
SYSTEM (S-1-5-18) full control (here is the problem)

I can't add the permissions for the system account, as it is "not seen" 
from samba. The result is that roaming profile do not work

I get the following output with wbinfo
wbinfo -s "S-1-5-18"
NT AUTHORITY\SYSTEM 5

wbinfo -n "NT AUTHORITY\SYSTEM"
S-1-5-18 Well-known Group (5)

wbinfo -Y "S-1-5-18"
Could not convert sid S-1-5-18 to gid   <--------

wbinfo -S "S-1-5-18"
Could not convert sid S-1-5-18 to uid   <--------

I tried to fix it with net groupmap, but it did not work (maybe I miss 
something?)

So the question is: how do I set permissions for the SYSTEM account???


regards
Stefanos
-- 
======================================================================
Stefanos Karasavvidis
Electronic & Computer Engineer, M.Eng.
e-mail : sk at isc.tuc.gr

Technical University of Crete, Campus
Information Systems Center
Address: Akrotiri, Chania, 73100
Tel.: Library Buildings
       (+30) 28210 37352, (+30) 28210 37355, (+30) 28210 37376
       Environmental Engineering Buildings
       (+30) 28210 37766
Fax:  (+30) 28210 37571