[Samba] Re: Winbind syslog errors and Domain Local Groups

[(private) HKS]

Any ideas?
-HKS

On Mon, Jul 7, 2008 at 5:01 PM, (private) HKS <hks.private at gmail.com> wrote:
> Hello all.
>
> I'm relatively new to Samba, and haven't been able to track down a
> solution to this particular problem.
>
> I use Samba/Winbind to authenticate FreeBSD machines against a
> Windows 2003 Active Directory. That all works fine. The problem is
> that groups in the AD of type "Security Group - Domain Local" are
> causing winbindd a lot of grief. Every time the winbindd daemon is
> accessed, it spews syslog messages like these for every Domain
> Local group in the AD:
>
> --------------------
> Jul  7 16:36:15 testbox winbindd[50492]: [2008/07/07 16:36:15, 0]
> nsswitch/winbindd_group.c:winbindd_getgrent(1110)
> Jul  7 16:36:15 testbox winbindd[50492]:   could not lookup domain
> group dhcp users
> Jul  7 16:36:15 testbox winbindd[50492]: [2008/07/07 16:36:15, 0]
> nsswitch/winbindd_group.c:winbindd_getgrent(1110)
> Jul  7 16:36:15 testbox winbindd[50492]:   could not lookup domain
> group dhcp administrators
> Jul  7 16:36:15 testbox winbindd[50492]: [2008/07/07 16:36:15, 0]
> nsswitch/winbindd_group.c:winbindd_getgrent(1110)
> Jul  7 16:36:15 testbox winbindd[50492]:   could not lookup domain
> group dnsadmins
> Jul  7 16:36:15 testbox winbindd[50492]: [2008/07/07 16:36:15, 0]
> nsswitch/winbindd_group.c:winbindd_getgrent(1110)
> Jul  7 16:36:15 testbox winbindd[50492]:   could not lookup domain
> group debugger users
> ---------------------
>
> All non-local groups show up just fine in the BSD system. Local
> groups do not show up in a getent group.
>
> All groups, including the local ones, show up when I run wbinfo -g.
> Running wbinfo -n <localgroup> comes back with a SID:
> $ wbinfo -n dnsadmins
> <munged-SID> Local Group (4)
>
> This SID is trackable back to a gid:
> $ sudo wbinfo --sid-to-gid <munged-SID>
> 11105
>
> Why, then, are these groups not actually getting populated? Can anyone
> shed some light on this?
>
> -HKS
>