All wbinfo commands and "getent passwd" work fine, but we have a problem doing
nss lookups via "getent group" between two Samba 3.0.5/LDAP PDC (with
interdomain trust relationship). When we downgraded to Samba 3.0.2a, the problem
We tried with samba 3.0.4 and the problem persist.
The problem looks like the #1561 bug reported in that list, but LDAP works fine.
The error reported in log.winbind is:
"could not lookup membership for group rid S-1-5-21-xxxx-xxxxx-xxxxx-513 n
domain PROC (error: NT_STATUS_NO_SUCH_GROUP)".
Configuratiom of Samba:
# Global parameters
workgroup = PROC
server string = %N Samba/LDAP Server
passdb backend = ldapsam:ldap://127.0.0.1
log level = 4 winbind:10
log file = /var/log/samba/log.%m
max log size = 1024
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
load printers = No
logon path =
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
dns proxy = No
wins server = xxx.xxx.xxx.xxx
ldap suffix = dc=pmpa
ldap machine suffix = ou=Computers,dc=procempa
ldap user suffix = ou=People,dc=procempa
ldap group suffix = ou=Groups,dc=procempa
ldap idmap suffix = ou=IDMap
ldap admin dn = cn=admin,dc=pmpa
ldap ssl = no
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 40000-60000
idmap gid = 40000-60000
please retest against 3.0.6. Thanks.
Version 3.0.6 fix the problem.
Thanks for the feedback.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.