Group names don't resolve in SMB share

[bmh.01]

https://bugs.freenas.org/issues/6323

The issue I have looks very similar to this one on the bug tracker but rather than pollute that I thought i'd post here first as i'm not 100% it is the same problem.

The freenas install/config on my main general nas box is quite old having been upgraded from early on in v8, although I possibly started from scratch with 8.3.

Groups that were created on the initial config do not resolve in windows I just get account unknown and the SID shown, if I create a new user/group or assign one that was creating more recently (circa 12 months ago but I can't be exact) then it will work and resolve in windows. These groups are added as extra v4 acls on the files/folders in the dataset, with root/wheel as the unix owning user/group, these do resolve.

"net groupmap list" is empty which i'm not sure whether this is a) correct behaviour and b) anything to do with this problem.

The only thing I do notice is the SID that is returned for the account unknown entry the last 4 numbers seem to reflect the unix gid number which for the assigned group is 1001 but the SID entry has 1003 as the last 4 numbers.

Anyone experienced this before or know of anything I can look at to try and resolve it? Google hasn't helped me at this point but i'm still trying.

 

[dlavigne]

Did you make any headway with this?

 

[bmh.01]

Yes, it presently seems to be working although annoying exactly how i'm not sure. The last time i'd tried it wasn't.

I forgot to mention in the previous post that i'd found a set of historical mappings in the output from "net groupmap list" which did point to what looked like incorrect GIDs referencing the old accounts, thinking i'd found the issue I did a net groupmap cleanup and then a net groupmap delete to remove any others left over. I then tried creating a few test users/groups to see if this was populating groupmap to see if this would give the correct mappings. But as I mentioned in the O/P it wasn't so it was empty but I wasn't sure if this was the correct behaviour or not after researching samba group mapping.

The last time I looking into this it was still returning the previous SID with the incorrect looking last four digits which I assume are the BSD GID. Having just starting to look into this again after seeing the post notification email everything is working.

The way the groups are returned as "Unix Gruop\xxx" does make me think that the lack of a groupmap entry may be correct.

So really i'm not sure what 100% "fixed" it as the only concrete thing i've done is clear the samba groupmap, I guess at one point (v8.x) groupmap was populated as new users were created?