Created attachment 8881 [details] screen shot one - Unixattributes tab Ive spent the last week working out why my samba installation would work with Samba3.3.8 but not with anything in the 3.5, or 3.6 range. My environment is redhat 5.5 and 6.4 in an Windows Active Directory 2008R2 environment. We use RFC2307 for unix attributes set at AD level. I was getting random errors such as failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND when running wbinfo -i username getent password would simply return nothing. getent group would work After much troubleshooting and debuging, i have worked out the following. Somewhere along the lines winbind stopped using the primary group field as listed in the Unix Attributes tab (screenshot1.jpg) and started using the primary group tab in the member of section (See screenshot2.jpg). I cant seem to find any documentation outlining this change or why this change of functionality happened. The root casue for me, was that my domain users group, as listed in the member of tab, didnt have unix attributes on it, as it never needed them before due to the primary group being taken from the group listed in the unixattributes tab always being primary. Can anyone tell me why this changed?> or how to change it back?
Created attachment 8882 [details] screen shot 2
the idmap_ad man page says: "This module implements only the "idmap" API, and is READONLY." which kind of documents it. There might be reasons why people might want to have a different primary group but havin consistence with the group memberships is more important for most people. Group memberships are still not completely consistent because the lack of gidNumber attribute of member groups would also make the groups disappear from user membership groups. I agree that the man page of idmap_ad might need some more information and also we might add some more debug messages when we encounter user groups which don't have a gidNumber attribute because this might actually cause not so obvious trouble.
*** Bug 8694 has been marked as a duplicate of this bug. ***
Created attachment 8904 [details] patch to document the requirement of uid/gidNumber attributes and more verbose log output
Created attachment 8905 [details] patch for 4.0 with documentation update and enhanced log output for missing mappings
Pushed to autobuild-v4-0-test.
Pushed to v4-0-test. Björn, is this neede for 3.6, also?
as this is not critical i think 4.0 is enough. Thanks!
Reopening for 3.6 merge, the documentation update is particularly useful. Patch to follow...
Created attachment 8980 [details] Back port for 3.6 - differing man page path
Comment on attachment 8980 [details] Back port for 3.6 - differing man page path lgtm
(In reply to comment #11) > Comment on attachment 8980 [details] > Back port for 3.6 - differing man page path > > lgtm Thanks. @Karolin, please put this on the queue for 3.6.next.
Pushed to v3-6-test. Closing out bug report. Thanks!
*** Bug 7582 has been marked as a duplicate of this bug. ***
*** Bug 9751 has been marked as a duplicate of this bug. ***