Winbind : Strange groups behavior, AIX 5.3 with 3.0.26a

Jérôme Oufella jerome.oufella at
Wed Oct 24 13:43:43 GMT 2007

We set up winbind on AIX 5.3.
The link is working fine except with a particular point : windows-based
users are unable to get their group membership info in some cases :

Here's an operation log :
# As a local user, id and id myusername report the same thing.
root at srv1:/# id
uid=0(root) gid=0(system)
root at srv1:/# id root
uid=0(root) gid=0(system)

# Now let's become a winbind user
root at srv1:/# su winuser1

# id just reports the user's native group.
winuser1 at srv1:/#id
uid=10013(winuser1) gid=10002(domain users)

# While id username reports the whole group list.
winuser1 at srv1:/$ id winuser1
uid=10013(winuser1) gid=10002(domain users)

# lsuser seems to miss the groups= attribute, while listing a
windows-based user :
root at srv1:/#lsuser root
root id=0 pgrp=system groups=system,bin,sys,security,cron,audit,lp
home=/ shell=/usr/bin/ksh
root at srv1:/etc/samba #lsuser winuser1
winuser1 id=10013 pgrp=domain users home=/home/PROD/winuser1
shell=/bin/sh gecos=winuser1 registry=WINBIND roles= id=10013 pgrp=dom
in users home=/home/PROD/winuser1 shell=/bin/sh pgid=10002
gecos=winuser1 shell=/bin/sh pgrp=domain users SID=S-1-5-something-91354

One of the results is we cannot use group-based permissions on the
filesystem (other than the native user's group).

Has anyone a clue about what's happening ?
Any help will be greatly appreciated.
Thanks in advance.

Jerome Oufella

More information about the samba-technical mailing list