Samba 3.0.28a as a PDC with the following configuration: /etc/samaba/smb.conf [global] log level = 5 workgroup = domb server string = Samba Server Version %v interfaces = lo, eth0 passdb backend = tdbsam:/etc/samba/passdb.tdb username map = /etc/samba/smbusers log file = /var/log/samba/%m.log max log size = 50 # Stuff that makes this machine a PDC. add user script = /usr/sbin/useradd "%u" -n -g domusers delete user script = /usr/sbin/userdel "%u" add group script = /usr/sbin/groupadd "%g" delete group script = /usr/sbin/groupdel "%g" delete user from group script = /usr/sbin/userdel "%u" "%g" add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false -g machines "%u" logon path = \\%L\Profiles\%U logon home = \\%L\%U\.profiles logon drive = H: domain logons = Yes os level = 33 preferred master = Yes domain master = Yes wins proxy = Yes wins support = Yes # Equivalent of old behaviour. idmap domains = ALLDOMAINS idmap config ALLDOMAINS:default = yes idmap config ALLDOMAINS:backend = tdb idmap config ALLDOMAINS:range = 10000 - 50000 idmap alloc backend = tdb idmap alloc config:range = 10000 - 50000 winbind enum users = yes winbind enum groups = Yes winbind nested groups = yes hosts allow = 127., 192.168.42., 192.168.43. cups options = raw [homes] comment = Home Directories read only = No browseable = No [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = Yes browseable = No share modes = No read only = yes [profiles] path = /var/lib/samba/profiles read only = no create mask = 0600 directory mask = 0700 /etc/nsswitch.conf (Partial) passwd: files winbind shadow: files winbind group: files winbind hosts: files dns wins [root@dombpdc ~]# net groupmap list verbose Server Operators SID : S-1-5-32-549 Unix gid : 10009 Unix group: BUILTIN\server operators Group type: Local Group Comment : Guests SID : S-1-5-32-546 Unix gid : 10004 Unix group: BUILTIN\guests Group type: Local Group Comment : Domain Admins SID : S-1-5-21-2991776595-4262790192-2958925130-512 Unix gid : 500 Unix group: domadmins Group type: Domain Group Comment : Domain Unix group Power Users SID : S-1-5-32-547 Unix gid : 10007 Unix group: BUILTIN\power users Group type: Local Group Comment : Domain Guests SID : S-1-5-21-2991776595-4262790192-2958925130-514 Unix gid : 99 Unix group: nobody Group type: Domain Group Comment : Domain Unix group Print Operators SID : S-1-5-32-550 Unix gid : 10010 Unix group: BUILTIN\print operators Group type: Local Group Comment : Administrators SID : S-1-5-32-544 Unix gid : 10000 Unix group: BUILTIN\administrators Group type: Local Group Comment : Account Operators SID : S-1-5-32-548 Unix gid : 10008 Unix group: BUILTIN\account operators Group type: Local Group Comment : local1 SID : S-1-5-21-2991776595-4262790192-2958925130-1004 Unix gid : 10053 Unix group: local1 Group type: Local Group Comment : domgroup1 SID : S-1-5-21-2991776595-4262790192-2958925130-1005 Unix gid : 10054 Unix group: domgroup1 Group type: Domain Group Comment : Backup Operators SID : S-1-5-32-551 Unix gid : 10011 Unix group: BUILTIN\backup operators Group type: Local Group Comment : Users SID : S-1-5-32-545 Unix gid : 10001 Unix group: BUILTIN\users Group type: Local Group Comment : Domain Users SID : S-1-5-21-2991776595-4262790192-2958925130-513 Unix gid : 501 Unix group: domusers Group type: Domain Group Comment : Domain Unix group For any group with Group type of Local Group: wbinfo -G returns the SID. wbinfo -s retunrs an error. e.g. [root@dombpdc ~]# wbinfo -G 10001 S-1-5-32-545 [root@dombpdc ~]# wbinfo -s S-1-5-32-545 Could not lookup sid S-1-5-32-545 Releases 3.0.25b and 3.0.28 work correctly. Happy to provide logs and do further testing. Let me know what is required.
This is fixed in GIT. Tested on a snapshot from 26 April 2008.