[Samba] Many msgs log.winbindd about "group xxxxx in domain yyyyy does not exist"

Kent Wick Kent.Wick at ers.state.tx.us
Wed Apr 26 13:54:33 GMT 2006 

I am seeing many, many msgs in log.winbindd with the following text:
[2006/04/14 08:54:29, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(255)
  group system in domain AIXSAMBA does not exist

Would anybody be able to point me in the right direction to determine what this is complaining about?
One area I do not understand is why it is complaining about AIXSAMBA (the NETBIOS name).

There is an entry in /etc/group for the "system" group (GID = 0).

I do have some directories in one of the samba shares with an acl set as follows:
*
* ACL_type   AIXC
*
attributes: 
base permissions
    owner(root):  rwx
    group(win_domain_users):  rwx
    others:  r-x
extended permissions
    enabled
      permit  rwx  g:system

Environment:
AIX 5.3:  long names enabled (31 char including ending zero), using pam for authentication
Samba 3.0.22 (compiled from source), configure options were:
    --with-pam --with-acl-support --with-aio-support --with-winbind

smb.conf contents:
[global]
        workgroup = ERSSECURITY
        netbios name = AIXSAMBA
        server string = Samba3
        security = DOMAIN
        log file = /usr/local/samba/var/log.%m
        log level = 1
        algorithmic rid base = 500000
        winbind uid = 100001-500000
        winbind gid = 100001-500000

[denali_d]
        path = /samba/denali01
        acl group control = yes
        create mask = 0775
        directory mask = 2775
#       force group = win_domain_cntlr
#       inherit acls = yes
        inherit permissions = yes
        read only = no
        writeable = yes
        guest ok = no
        admin users = @win_domain_admin

[denali_f]
        path = /samba/denali02
        acl group control = yes
        create mask = 0775
        directory mask = 2775
        force group = win_domain_admin
#       inherit acls = yes
        inherit permissions = yes
        read only = no
        writeable = yes
        guest ok = no
        admin users = @win_domain_admin

Results from wbinfo -g:
BUILTIN\system operators
BUILTIN\administrators
followed by all the groups in the WinNT PDC domain.

Results from "net groupmap list":
System Operators (S-1-5-32-549) -> win_sys_oper
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Controllers (S-1-5-21-1748253822-1525897820-1959552931-3641) -> win_domain_cntlr
Domain Admins (S-1-5-21-3484108990-1107034133-219603564-512) -> win_domain_admin
Domain Guests (S-1-5-21-3484108990-1107034133-219603564-514) -> -1
Power Users (S-1-5-32-547) -> -1
Domain Users (S-1-5-21-3484108990-1107034133-219603564-513) -> win_domain_users
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> win_administrator
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

The "win_xxxxx" groups above are in the /etc/group file as:
win_sys_oper:!:5001:
win_domain_admin:!:5002:user1,user2,user3,user4
win_administrator:!:5003:user1,user2
win_domain_users:!:5004:user5,user6,user7,user3,user1,usert,user2,user8
win_domain_cntlr:!:5005:

Thanks for any assistance/advice that y'all can provide.

K Wick, Texas Emp Retirement Syst
Phone: 512-867-7325

More information about the samba mailing list