Winbind doesnt enumerate more than one group from an AD domain

Gareth Davies gdavies at willowbrook.co.uk
Fri Oct 25 13:21:01 GMT 2002


----- Original Message -----
From: "James Braid" <James.Braid at corp.peace.com>
To: <samba-technical at lists.samba.org>
Sent: Friday, October 25, 2002 1:45 PM
Subject: Winbind doesnt enumerate more than one group from an AD domain


> Hi all,
>
> I have been having some problems with winbind not seeing all the groups
that users on my AD domain are in. Upon further investigation, it seems that
winbind only enumerates one group.
>
> Doing a 'wbinfo -r $AD_USER' only shows one group (even if the AD user
belongs to many groups, doesnt matter what type of AD groups they are
either), but if I do a 'wbinfo -r $NT4_USER', winbind will show all the
groups that the NT4 user is in, where $NT4_USER is a user on the NT4 domain
and $AD_USER is a user on the AD domain.
>
> The odd thing is, the users show up in the groups fine if I do 'getent
group' for example.
>
> I am running Debian unstable with Samba 2.999+3.0.alpha20-3.
>
> Why am I posting here? I logged a bug, but I was advised to post here for
stuff to do with Samba 3.0...
>
> Any pointers or suggestions on how to debug this further and or fix it
would be greatly appreciated. Let me know if more details are needed.
>
> Thanks, James

I had the same problem aswell..

I found it was due to the fact the groups weren't 'Global' groups only
'Local' groups...

Apparently they need to be Global or Universal to be shown by Winbind.

I haven't tried 3 yet though so I'm not really sure.

HTH

             Shaolin - IT Systems
                     WB Ltd.
.: http://www.security-forums.com :.





More information about the samba-technical mailing list