I'm running samba 3.0.4 on a Redhat Enterprise Linux 3 on a 2.4.21-9.0.3.EL kernel. I have joined my samba server to our AD domain. Everything worked just fine until today. I used winbind authorization for squid, users which are allowed to surf are member of a group "websurfers". Some users still can surf, others however can not anymore. I checked this manually with wbinfo. I searched for the mapped gid of websurfers and I got "10035". Although some users are member of the websurfers group the group 10035 is not listed when I do "wbinfo -r walter". Others that are member of the group have the group 10035 listed when I do "wbinfo -r username". Furthermore: When I do: "getent group | grep 10035" I see the websurfers group with ALL users listed, the user walter included. However when I do "getent passwd" I get both local and AD users but among the AD users the user walter is NOT listed. So to sum it up: * for some AD users "wbinfo -r username" does not list all groups * some AD users are not listed with "getent passwd" * maybe "getent group" does not list all groups? (impossible to tell since there are just too many groups to check this, my websurfer group is listed though)
I did an additional test: I created a new group, added the user 'walter' to it and a new testuser. I restart the winbind service and did "wbinfo -r walter" and "wbinfo -r testuser". For walter the new group is not listed, however for the testuser the newgroup is listed. The user Walter is member of more than 30 groups and the testuser is only member of one group, maybe this has something to do with it?
I think this is a similar bug as bug #1242 and bug #1341
please retest against 3.0.11 and reopen if the bug still exists. Thanks.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.