Hi,
I have configured AD user/group authentication/authorisation under SuSE 11.0. (Samba winbind was used.)
When I specify users from my domain in "Permissions" in the VMware WebUI, the authentication works perfectly.
But when I use only the domain groups there, I cannot log in to the WebUI - it just says "You do not have permissions to login to the server.".
PAM says that everything is OK, the user is authenticated:
Sep 26 13:51:23 virtix /usr/lib/vmware/bin/vmware-hostd[4095]: pam_winbind(vmware-authd:auth): getting password (0x00000390)
Sep 26 13:51:23 virtix /usr/lib/vmware/bin/vmware-hostd[4095]: pam_winbind(vmware-authd:auth): pam_get_item returned a password
Sep 26 13:51:23 virtix /usr/lib/vmware/bin/vmware-hostd[4095]: pam_winbind(vmware-authd:auth): user 'yarick' granted access
Sep 26 13:51:23 virtix /usr/lib/vmware/bin/vmware-hostd[4095]: pam_winbind(vmware-authd:account): user 'yarick' OK
Sep 26 13:51:23 virtix /usr/lib/vmware/bin/vmware-hostd[4095]: pam_winbind(vmware-authd:account): user 'yarick' granted access
Sep 26 13:51:23 virtix /usr/lib/vmware/bin/vmware-hostd[4095]: Accepted password for user yarick from 127.0.0.1
The VMware Server permissions management dialog gets the correct groups from the AD; moreover, the VMware Server determines domain users from the domain groups.
It seems that during the web login, the server cannot check that the user logging in is in the allowed group. It logs the following data to /var/log/vmware/hostd.log:
2008-09-26 14:01:50.787 'Vimsvc' 1096800592 info- : User yarick
2008-09-26 14:01:50.788 'ha-eventmgr' 1096800592 info- Event 75 : Failed to login user yarick@127.0.0.1: No permission
2008-09-26 14:01:50.788 'PropertyProvider' 1096800592 verbose- RecordOp ASSIGN: latestEvent, ha-eventmgr
2008-09-26 14:01:50.788 'Vmomi' 1096800592 info- Activation N5Vmomi10ActivationE:0x4aa93e0 : Invoke done on -vim.SessionManager:ha-sessionmgr-
2008-09-26 14:01:50.788 'Vmomi' 1096800592 info- Throw vim.fault.NoPermission
2008-09-26 14:01:50.788 'Vmomi' 1096800592 info- Result:
(vim.fault.NoPermission) {
dynamicType = <unset>,
object = 'vim.Folder:ha-folder-root',
privilegeId = "System.View",
msg = ""
}
Any idea how AD group permissions can be configured?
Regards,
Yarick.
P.S. My profile:
VMware-server-2.0.0-116503-x86_64, openSuSe 11.0 x86_64
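
Added example, not part of the original post and not VMware or Samba code: a small Python check that pairs the two log formats quoted above, so that a login accepted by PAM but rejected by hostd with NoPermission shows up as an authorization failure rather than an authentication failure. The function names and result labels are hypothetical; the sample lines are copied from the post.

```python
import re

# Sample lines copied from the post above (syslog, then /var/log/vmware/hostd.log).
SYSLOG = """\
Sep 26 13:51:23 virtix /usr/lib/vmware/bin/vmware-hostd[4095]: pam_winbind(vmware-authd:auth): user 'yarick' granted access
Sep 26 13:51:23 virtix /usr/lib/vmware/bin/vmware-hostd[4095]: Accepted password for user yarick from 127.0.0.1
"""
HOSTD = """\
2008-09-26 14:01:50.788 'ha-eventmgr' 1096800592 info- Event 75 : Failed to login user yarick@127.0.0.1: No permission
2008-09-26 14:01:50.788 'Vmomi' 1096800592 info- Throw vim.fault.NoPermission
privilegeId = "System.View",
"""

PAM_OK = re.compile(r"Accepted password for user (\S+) from (\S+)")
HOSTD_DENY = re.compile(r"Failed to login user (\S+)@(\S+): No permission")
PRIV = re.compile(r'privilegeId = "([^"]+)"')

def pam_accepted(text):
    """Users whose password the PAM stack accepted."""
    return {m.group(1) for m in PAM_OK.finditer(text)}

def hostd_denied(text):
    """Map each denied user to the privilegeId of the fault that follows."""
    denied, current = {}, None
    for line in text.splitlines():
        m = HOSTD_DENY.search(line)
        if m:
            current = m.group(1)
            denied.setdefault(current, None)
            continue
        p = PRIV.search(line)
        if p and current is not None and denied[current] is None:
            denied[current] = p.group(1)
    return denied

def classify(syslog, hostd):
    """Label each hostd denial by whether PAM had accepted that user."""
    ok = pam_accepted(syslog)
    return {user: ("authenticated-but-not-authorized" if user in ok
                   else "no-pam-accept-found", priv)
            for user, priv in hostd_denied(hostd).items()}

if __name__ == "__main__":
    print(classify(SYSLOG, HOSTD))
```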