On 2015-04-07 16:28, Luca Olivetti wrote: > I'm currently using cyrus-imapd 2.4.17 and sssd to obtain nss groups > from an openldap server. > I have some group acl which are currently working fine. > I'm testing the migration to samba4 as an active directory domain > controller and I'm trying to use winbind instead of sssd (which works > perfectly btw). > The problem is that with winbind group acls don't work. > Group enumeration (a pain to configure) works: > > $ getent group | grep m_sist > m_sist:x:674:ojeda,luca,calmet,rafa,oscar > > But I cannot set acl on that group: > > > $ cyradm -u cyrus localhost > Password: > > localhost> sam m_sist group:m_sist lrw > setaclmailbox: group:m_sist: lrw: Invalid identifier > localhost> > > Meanwhile I have winbindd running in the foregroung and the above sam > command will cause no messages at all (i.e. it seems it isn't querying > winbindd for group information) > > If I change nsswitch back to sssd (which is pulling data from the same > samba4 server) and restart cyrus, it works: > > $ cyradm -u cyrus localhost > Password: > > localhost> sam m_sist group:m_sist lrw > localhost> > > The simple solution is to use sssd and forget about winbind, but I'm > curious: why one works and the other doesn't giving that group > enumeration works with both? 1. Are you running cyrus on a Domain Controller, or on a normal member server? 2. Which winbind/samba version(s) do you use? 3. smb.conf for the cyrus server? > > Bye > -- Mit freundlichen Grüßen, / Best Regards, Sven Schwedas Systemadministrator TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz Mail/XMPP: sven.schwedas@xxxxxx | +43 (0)680 301 7167 http://software.tao.at
Attachment:
signature.asc
Description: OpenPGP digital signature
---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
