Ubuntu workstations connect to Samba PDC but get no group permissions
The current situation:
There is a Samba PDC with ~50 XP workstations, all working fine for the last two years.
Cycle older hardware back into production by installing Ubuntu on them. These workstations must authenticate against the domain, and must automatically mount a public, a user, and a department share that contains folders with various group permissions.
The added challenge:
Since the office where this LAN is located is closed for the next week or so, the Ubuntu workstation I am testing with is connecting via a site-to-site VPN. This is soon to be mandated as a requirement anyway, so if not done now it will have to be done later anyway. I mention this since it *may* be something that could be interfering with the success of my mission; however, given what does work, I do not think this is my culprit.
What does work:
Thanks to winbind, I can log into the Ubuntu workstation via gdm with my domain credentials, and thanks to pam_mount my shares do mount correctly. I take this to mean my pam conf files are correct, along with nsswitch.conf.
wbinfo -p, -a, -t, and -u work on the workstation. getent passwd returns DOM\users.list
wbinfo -p, -t, -Y, -S, -G, -n, -s, etc, all work on the PDC. getent passwd returns a list from /etc/passwd and getent group returns a list from /etc/group.
A remotely controlled Windows workstation on the LAN works as expected.
What doesn't work:
wbinfo -g does not work on the Ubuntu workstation or the PDC; there is no error, but they return no information. On the workstation, the domain user, once logged in, is put into a primary group of DOM\none and is assigned 3 gids, but I can use wbinfo -G, -Y, -n, etc. to query information about these groups on both PDC and workstation.
ls -al of the Department folder shows the group ownership of the directories as DOM\none.
It appears that winbind is not able to parse the group permissions at all, not for the user, nor for the folders.
is that someone can say that this problem of group permissions not being recognized has a typical cause (though several hours/days of Google searching has revealed no such thing). However, I can provide a great deal of supporting information, as I have gone through documentation and testing extensively (though not extensively enough, apparently). For my own sanity, I put most things I tried into a text document so I could review it and look for errors in judgment; that doc ended up being some 1500 lines long, and doesn't include conf files. Rather than flooding this post, if someone is up for reviewing it, I can definitely make it and further supporting info available...