group acl with winbind

[Sven Schwedas]

On 2015-04-07 16:28, Luca Olivetti wrote:
> I'm currently using cyrus-imapd 2.4.17 and sssd to obtain nss groups
> from an openldap server.
> I have some group acl which are currently working fine.
> I'm testing the migration to samba4 as an active directory domain
> controller and I'm trying to use winbind instead of sssd (which works
> perfectly btw).
> The problem is that with winbind group acls don't work.
> Group enumeration (a pain to configure) works:
> 
> $ getent group | grep m_sist
> m_sist:x:674:ojeda,luca,calmet,rafa,oscar
> 
> But I cannot set acl on that group:
> 
> 
> $ cyradm -u cyrus localhost
> Password:
> 
> localhost> sam m_sist group:m_sist lrw
> setaclmailbox: group:m_sist: lrw: Invalid identifier
> localhost>
> 
> Meanwhile I have winbindd running in the foregroung and the above sam
> command will cause no messages at all (i.e. it seems it isn't querying
> winbindd for group information)
> 
> If I change nsswitch back to sssd (which is pulling data from the same
> samba4 server) and restart cyrus, it works:
> 
> $ cyradm -u cyrus localhost
> Password:
> 
> localhost> sam m_sist group:m_sist lrw
> localhost>
> 
> The simple solution is to use sssd and forget about winbind, but I'm
> curious: why one works and the other doesn't giving that group
> enumeration works with both?

1. Are you running cyrus on a Domain Controller, or on a normal member
server?

2. Which winbind/samba version(s) do you use?

3. smb.conf for the cyrus server?


> 
> Bye
> 

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
http://software.tao.at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20150407/c1bfbd3e/attachment.bin