[Samba] wbinfo, net, getent and groups

Robert Steinmetz AIA rob at steinmetznet.com
Fri Jan 22 13:49:28 MST 2010 

I have two servers running Samba 2.3.3, one as a Domain Controller one 
as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and 
winbindd using the tdb back end are running on both.

I am don't understand the results. As far as I can tell I have 
everything configured as it should be.

The basic globals for the DC

[global]
         workgroup = ATLANTA
         time server = Yes
         hostname lookups = Yes
         domain logons = Yes
         preferred master = Yes
         domain master = Yes
         wins support = Yes
         idmap uid = 10000-20000
         idmap gid = 10000-20000
         winbind enum users = Yes
         winbind enum groups = Yes
         hide dot files = No


The glbals for the Member Server

[global]
         workgroup = ATLANTA
         security = DOMAIN
         password server = 192.168.1.24
         name resolve order = wins bcast hosts
         wins proxy = Yes
         wins server = 192.168.1.24
         idmap uid = 10000-20000
         idmap gid = 10000-20000
         template shell = /bin/bash
         winbind enum users = Yes
         winbind enum groups = Yes
         hosts allow = 192.168.1.0/255.255.255.0

getent does not return the names on any domain groups or users.

wbinfo does return the names on domains groups and users.

BUILTIN\administrators
BUILTIN\users
ATLANTA\domain users
ATLANTA\domain guests
ATLANTA\domain admins

net groupmap list  on the DC shows mapping to groups

Backup Operators (S-1-5-32-551) -> backup
Power Users (S-1-5-32-547) -> atlanta
Replicators (S-1-5-32-552) -> staff
Domain Users (S-1-5-21-4166445610-3302986456-3838465043-513) -> samba
Domain Guests (S-1-5-21-4166445610-3302986456-3838465043-514) -> nogroup
Administrators (S-1-5-32-544) -> staff
Account Operators (S-1-5-32-548) -> account
Users (S-1-5-32-545) -> samba
Print Operators (S-1-5-32-550) -> print
Guests (S-1-5-32-546) -> nogroup
System Operators (S-1-5-32-549) -> operator
Domain Admins (S-1-5-21-4166445610-3302986456-3838465043-512) -> staff

net groupmap list on the Member Server shows only the builtin in groups

Administrators (S-1-5-32-544) -> BUILTIN\administrators
Users (S-1-5-32-545) -> BUILTIN\users

-- 
Robert Steinmetz, AIA
Principal
Steinmetz & Associates

More information about the samba mailing list