Mutilple AD Group resolution using wbinfo- Solved!!!
Dave Augustus
davea at support.kcm.org
Thu Dec 4 19:43:22 GMT 2003
Hello All,
(I post this to the list for future googlers) :)
It appears that in my attempts at integrating Squid and Samba 3 to a
W2k3 AD setup, the groups became out-of-sync between the W2K3 server and
the Samba server.
The problem (as noted below) went away when I deleted the contents of
/var/cache/samba and restarted samba and winbindd.
I then scratched my head some more, trying to figure out how the 2
servers got out-of-sync. It happened, at least partially, because I had
deleted a Group on the W2K3 server and then recreated it using the same
name.Then, restarting Samba and Winbindd recreated those deleted files
with up to date information.
So really, only one question remains, how does this information become
replicated accurately between the W2K3 server and the Samba 3 server?
Thank You, Samba Gang!!!
--Dave
On Tue, 2003-12-02 at 16:56, Dave Augustus wrote:
> Hello all,
>
> I am working on getting squid to authenticate to a W2K3 AD setup using
> Samba 3 and have run into what appears to be a roadblock. Any insight or
> workarounds are most appreciated!
>
> Software setup:
> Samba3 compiled with Kerberos 1.3.1 on Redhat 9
> Windows 2003 Enterprise running AD (Windows 2003 Functional Level)
>
> My client user is called "surfer" and is in 2 groups: Domain Users and
> AuthorizedUsers.
>
> Show the list of groups that "surfer" is a member of:
>
> wbinfo -r surfer
>
> returns:
> 10005 (which is the group for Domain Users)
>
>
> Shouldn't I see the other group listed as well?
>
>
> Doing:
> wbinfo -n "AuthorizedUsers"
>
> returns:
> S-1-5-21-2746575337-427122046-3347170240-1134 4
>
> Then,
> wbinfo -Y "S-1-5-21-2746575337-427122046-3347170240-1134 4"
>
> returns:
> 10017
>
> Shouldn't this number be listed as well?
>
> Thanks,
> --Dave Augustus
>
>
More information about the samba-technical
mailing list