I'm currently using cyrus-imapd 2.4.17 and sssd to obtain nss groups from an openldap server. I have some group acl which are currently working fine. I'm testing the migration to samba4 as an active directory domain controller and I'm trying to use winbind instead of sssd (which works perfectly btw). The problem is that with winbind group acls don't work. Group enumeration (a pain to configure) works: $ getent group | grep m_sist m_sist:x:674:ojeda,luca,calmet,rafa,oscar But I cannot set acl on that group: $ cyradm -u cyrus localhost Password: localhost> sam m_sist group:m_sist lrw setaclmailbox: group:m_sist: lrw: Invalid identifier localhost> Meanwhile I have winbindd running in the foregroung and the above sam command will cause no messages at all (i.e. it seems it isn't querying winbindd for group information) If I change nsswitch back to sssd (which is pulling data from the same samba4 server) and restart cyrus, it works: $ cyradm -u cyrus localhost Password: localhost> sam m_sist group:m_sist lrw localhost> The simple solution is to use sssd and forget about winbind, but I'm curious: why one works and the other doesn't giving that group enumeration works with both? Bye -- Luca Olivetti Wetron Automation Technology http://www.wetron.es Tel. +34 935883004 Fax +34 935883007 ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
