Hello all. I'm relatively new to Samba, and haven't been able to track down a solution to this particular problem.
I use Samba/Winbind to authenticate FreeBSD machines against a Windows 2003 Active Directory. That all works fine. The problem is that groups in the AD of type "Security Group - Domain Local" are causing winbindd a lot of grief. Every time the winbindd daemon is accessed, it spews syslog messages like these for every Domain Local group in the AD: -------------------- Jul 7 16:36:15 testbox winbindd[50492]: [2008/07/07 16:36:15, 0] nsswitch/winbindd_group.c:winbindd_getgrent(1110) Jul 7 16:36:15 testbox winbindd[50492]: could not lookup domain group dhcp users Jul 7 16:36:15 testbox winbindd[50492]: [2008/07/07 16:36:15, 0] nsswitch/winbindd_group.c:winbindd_getgrent(1110) Jul 7 16:36:15 testbox winbindd[50492]: could not lookup domain group dhcp administrators Jul 7 16:36:15 testbox winbindd[50492]: [2008/07/07 16:36:15, 0] nsswitch/winbindd_group.c:winbindd_getgrent(1110) Jul 7 16:36:15 testbox winbindd[50492]: could not lookup domain group dnsadmins Jul 7 16:36:15 testbox winbindd[50492]: [2008/07/07 16:36:15, 0] nsswitch/winbindd_group.c:winbindd_getgrent(1110) Jul 7 16:36:15 testbox winbindd[50492]: could not lookup domain group debugger users --------------------- All non-local groups show up just fine in the BSD system. Local groups do not show up in a getent group. All groups, including the local ones, show up when I run wbinfo -g. Running wbinfo -n <localgroup> comes back with a SID: $ wbinfo -n dnsadmins <munged-SID> Local Group (4) This SID is trackable back to a gid: $ sudo wbinfo --sid-to-gid <munged-SID> 11105 Why, then, are these groups not actually getting populated? Can anyone shed some light on this? -HKS -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
