smaba 3.0.2a setup with ldap support and almost everything working fine. in rpc_server/srv_util.c : get_alias_user_groups calls get_group_from_gid which in turn opens group_mapping.tdb So this function will look into a tdb database and not in the ldap database. This code-path triggers on my systems when I use WinXP to add a ACL with a group from the samba-domain. WinXP reports Access denied after selecting OK on the file properties dialog. The log files on the samba server show this: Apr 26 14:37:56 deepthought smbd[19054]: [2004/04/26 14:37:56, 0] groupdb/mapping.c:init_group_mapping(139) Apr 26 14:37:56 deepthought smbd[19054]: Failed to open group mapping database Apr 26 14:37:56 deepthought smbd[19054]: [2004/04/26 14:37:56, 0] groupdb/mapping.c:get_group_from_gid(655) Apr 26 14:37:56 deepthought smbd[19054]: failed to initialize group mappingFailed to open group mapping database Apr 26 14:37:56 deepthought smbd[19054]: [2004/04/26 14:37:56, 0] groupdb/mapping.c:get_group_from_gid(655) Apr 26 14:37:56 deepthought smbd[19054]: failed to initialize group mappingFailed to open group mapping database Apr 26 14:37:56 deepthought smbd[19054]: [2004/04/26 14:37:56, 0] groupdb/mapping.c:get_group_from_gid(655) Apr 26 14:37:56 deepthought smbd[19054]: failed to initialize group mappingFailed to open group mapping database Apr 26 14:37:56 deepthought smbd[19054]: [2004/04/26 14:37:56, 0] groupdb/mapping.c:get_group_from_gid(655) Apr 26 14:37:56 deepthought smbd[19054]: failed to initialize group mappingFailed to open group mapping database Apr 26 14:37:56 deepthought smbd[19054]: [2004/04/26 14:37:56, 0] groupdb/mapping.c:get_group_from_gid(655) Apr 26 14:37:56 deepthought smbd[19054]: failed to initialize group mappingFailed to open group mapping database Apr 26 14:37:56 deepthought smbd[19054]: [2004/04/26 14:37:56, 0] groupdb/mapping.c:get_group_from_gid(655) Apr 26 14:37:56 deepthought smbd[19054]: failed to initialize group mappingget_alias_user_groups: gid of user scarstens doesn't exist. C heck your /etc/passwd and /etc/group files The user in question is the user working on the WinXP and adding the ACL. During all of that no ldap access whatsoever occours.
Using the command 'net user INFO scarstens' will show all groups and the logfiles of the LDAP-server will show the search activities.
please reopen if the bug still exists in a current release.