getent group returns only few groups on solaris
gbhat at taos.com
Thu Feb 27 21:31:43 GMT 2003
I was able to get 'winbind' configured on my Solaris-9 system and
authenticate Windows domain users, but I have three problems:
Server OS; Solaris 9, MU2
SAmba version: 2.2.7 (also tried 2.2.8prel , but same problem)
Tried 'winbind enum users/groups' both true and false
Client OS: Windows XP, WinNT4.0
nsswitch.conf entries: passwd: files winbind
group: files winbind
nscd is turned off on the Solaris System.
Number of Users in NT domain: 20000
Number of Groups in NT domain: 7000
1) 'getent passwd' works great, and returns all the users from local
files and windows domain as well, but 'getent group' returns all the
groups in the /etc/group file and only few groups from the WinNT Domain.
Is there a way to make 'getent group' return all the groups in winNt Domain?
2) I can share a directory from the Solaris 9 system with WinNT/WinXP
clients without any problem. But, whenever I make changes to ACLs using
Windows File Property - Security editor (on Win XP), I can not do 'ls
-l' on the same directory by logging into Solaris system(as root or the
owner of the file). Also, 'getfacl <filename>' fails on the same
directory, where as I can see the changed File ACLs from my Windows XP
system without any problem.
3) I don't know wether the following problem is related to the one of
the above two, but here is the thrid problem:
I created a SAMBA share \\server\TestShare (On UNIX it is
/export/SMB/TestShare) with owner as 'DOMAIN\TestUser'.
root# ls -ld TestShare
drwxrws---+ 3 DOMAIN\TestUser other 512 Feb 27 10:33 TestShare
I modified the ACLs on this share by logging in as user:
'DOMAIN\TestUser' from my WinXP client to allow the members of group
'DOMAIN\TestGroup' to read and list this share. When I log in as a
different user 'DOMAIN\TestUser1' (Member of DOMAIN\TestGroup) to my
WinXP(or NT) and try to access this share I get the error "Access Denied
or Network Name Not Found".
Also, the client log on the server shows the following:
[2003/02/27 13:13:40, 0] smbd/sec_ctx.c:initialise_groups(244)
Unable to initgroups. Error was Not owner
[2003/02/27 13:13:40, 0] smbd/sec_ctx.c:initialise_groups(247)
This is probably a problem with the account domain\testuser1
[2003/02/27 13:13:40, 0] smbd/service.c:make_connection(599)
kka6trvy-a (10.81.105.121) Can't change directory to /export/SMB
Any tips towards solving these problems will be greatly appreciated.
More information about the samba-technical