getent group returns only few groups on solaris

Gopal Bhat gbhat at
Thu Feb 27 21:31:43 GMT 2003

Hi All,
     I was able to get 'winbind' configured on my Solaris-9 system and 
authenticate Windows domain users, but I have three problems:
    Server OS; Solaris 9, MU2
    SAmba version: 2.2.7    (also tried 2.2.8prel , but same problem)
    Tried 'winbind enum users/groups' both true and false
    Client OS:  Windows XP, WinNT4.0
    nsswitch.conf entries:    passwd:    files winbind
                                        group: files winbind
    nscd is turned off on the Solaris System.
    Number of Users in NT domain:  20000
     Number of Groups in NT domain:  7000

1)  'getent passwd'  works great, and returns all the users from local 
files and windows domain as well, but 'getent group' returns all the 
groups in the /etc/group file and only few groups from the WinNT Domain. 
Is there a way to make 'getent group' return all the groups in winNt Domain?
2) I can share a directory from the Solaris 9 system with WinNT/WinXP 
clients without any problem. But, whenever I make changes to ACLs using 
Windows File Property - Security editor (on Win XP), I can not do 'ls 
-l' on the same directory by logging into Solaris system(as root or the 
owner of the file). Also, 'getfacl  <filename>'  fails on the same 
directory, where as I can see the changed  File ACLs from my Windows XP 
system without any problem.

3) I don't know wether the following problem is related to the one of 
the above two, but here is the thrid problem:
I created a SAMBA share  \\server\TestShare (On UNIX it is 
/export/SMB/TestShare) with owner as 'DOMAIN\TestUser'.  
root# ls -ld TestShare
drwxrws---+  3 DOMAIN\TestUser other        512 Feb 27 10:33 TestShare

I modified the ACLs on this share by logging in as user: 
'DOMAIN\TestUser' from my WinXP client to allow the members of group 
'DOMAIN\TestGroup' to  read and list  this share.  When I log in as a 
different user 'DOMAIN\TestUser1' (Member of DOMAIN\TestGroup) to my 
WinXP(or NT) and try to access this share I get the error "Access Denied 
or Network Name Not Found".

Also, the client log on the server shows the following:

[2003/02/27 13:13:40, 0] smbd/sec_ctx.c:initialise_groups(244)
  Unable to initgroups. Error was Not owner
[2003/02/27 13:13:40, 0] smbd/sec_ctx.c:initialise_groups(247)
  This is probably a problem with the account domain\testuser1
[2003/02/27 13:13:40, 0] smbd/service.c:make_connection(599)
  kka6trvy-a ( Can't change directory to /export/SMB

    Any tips towards solving these problems will be greatly appreciated.


More information about the samba-technical mailing list