mapping UID to uidNumber breaks lookup of secondary groups
Hello,
We have our Macs bound to an Active Directory Server 2008 R2 with Unix-Extensions. In Snow Leopard, we used to map UID to uidNumber in Directory Utility. Doing so in Lion on hitherto unknown accounts breaks lookup of secondary groups. In the example below, janeroe is a valid AD account that has never logged into the computer; johndoe (see further down) logged in before.
nb:~ admin$ id janeroe
id: failed to retrieve group list: Undefined error: 0
uid=33333(janeroe) gid=100(_lpoperator)
This throws the following error in /var/log/system.log:
Jul 26 15:35:13 nb opendirectoryd[13]: GetGroups couldn't find uid 33333
Or, using groups:
nb:~ admin$ groups janeroe
groups(516) malloc: *** error for object 0x7fff67eb1bd0: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug
Abort trap: 6
Output in system.log is similar:
Jul 26 15:35:07 nbcale opendirectoryd[13]: GetGroups couldn't find uid 33333
Jul 26 15:35:07 nbcale ReportCrash[511]: Saved crash report for groups[510] version ??? (???) to /Users/admin/Library/Logs/DiagnosticReports/groups_2011-07-26-153507_......crash
Users are nevertheless able to log into their mobile account, and after logging in once, their secondary groups are listed fine:
nb:~ admin$ id johndoe
uid=30377(johndoe) gid=100(_lpoperator) groups=100(_lpoperator),403(com.apple.sharepoint.group.2),405(com.apple.sharepoint.group.4),12(everyone),62(netaccounts),402(com.apple.sharepoint.group.1)
nb:~ admin$ groups johndoe
_lpoperator com.apple.sharepoint.group.2 com.apple.sharepoint.group.4 everyone netaccounts com.apple.sharepoint.group.1
AD integration with the standard plug-in seems worse than in Snow Leopard...
Is anyone having the same problem? Or better, does anyone have any idea how to solve this issue?
Thanks,
Peter
Mac OS X (10.7)