This is the same issue mentioned in bug 9052. I have tried the same test case
with samba3.6.12 patched server. And here is the behavior..
setup and configuration:
created a User: Hemanth
created a Domain local group: east_users (made user Hemanth as part of this)
Made samba server joined to WEST domain.
# wbinfo -a=EAST_USA_MD\\hemanth%password
plaintext password authentication succeeded
challenge/response password authentication succeeded
# id EAST_USA_MD\\hemanth
uid=1792541994(EAST_USA_MD\hemanth) gid=1792541185(EAST_USA_MD\domain users)
Here it did not list the domain local group east_users.
But bug 9052 says this is fixed as part of 3.6.6.
This is a FreeBSD-only bug.
Timur has a fix for this at: http://samba.org.ru/ports/patch-nsswitch__winbind_nss_freebsd.c
We will have verified it in a day or two.
Hmmm, there might be license issues, since Timur copied stuff from FreeBSD's libc.
Will need clarifications on that.
Shouldn't be an issue if it's a normal 3-clause BSD license.
Just bumped up against this bug today testing FreeNAS 9.1 (nightly). Samba version 3.6.13. Took me a while to figure out why my domain local group based permissions weren't working as expected. Switched to a global group and it works fine. "id username" omits the domain local group.
Any updates on a fix?
Timur: can you shed some light on what the problem here is on FreeBSD and do you have the mentioned patch around?
*** This bug has been marked as a duplicate of bug 10835 ***