The Samba-Bugzilla – Bug 10062
Winbind: Group names of other domains can't be resolved
Last modified: 2014-07-24 11:08:13 UTC
Created attachment 9096 [details]
I'm using winbind on Ubuntu 12.04 with the latest packages from enterprisesamba.com. Everything works fine except that one group name can't be resolved. The relevant group is in another domain (TESTD2), which has a trust to TESTD. The strange thing is that wbinfo can resolve the group name:
ubuntu@rbdsau0g-virt:~$ su TESTD\\uidv0541
groups: cannot find name for group ID 100001
uidv0541@rbdsau0g-virt:/home/ubuntu$ wbinfo -G 100001
uidv0541@rbdsau0g-virt:/home/ubuntu$ wbinfo -s S-1-5-21-2048354812-1799923345-800859446-444655
The smb.conf and the relevant output of winbind -i -d 10 are also attached. I tried idmap backend tdb and ad and could reproduce the same behaviour with both.
Please tell me if I can provide you any further information.
Thanks in advance!
Created attachment 9097 [details]
I have the same issue on Samba 4.0.9 (which works on samba 3.6.9)
I joined one domain \\DOMA which trusts \\DOMB.
1) "getent group DOMA\\group1" works, but "getent group DOMB\\group2" returns nothing!
2) "wbinfo -n DOMB\group2" returns the SID successfully
3) "getent passwd" works fine for both
4) "wbinfo --group-info DOMB\\group2"
failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for group domb\group2
5) "wbinfo -s <domb_group2_sid>" works too
6) "wbinfo -Y <domb_group2_sid>" returns a GID
7) "wbinfo -G 5015" returns the correct SID
8) "wbinfo --gid-info 5015" fails !!!!
failed to call wbcGetgrgid: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for gid 5015
9) "getent group 5015" returns nothing
"winbind use default domain = yes" is highly deprecated to use. Especially if you have trusted domains. Does it work if you set winbind use default domain to "no"?
*** Bug 3476 has been marked as a duplicate of this bug. ***
Samba just doesn't have the permissions in AD to query all the info it needs. You can try setting winbind expand groups=0 and/or do net setauthuser to give winbind more possibilities to get the information it needs and as a result get the ID resolution to work.