[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3016-ga2c3131

simo idra at samba.org
Fri Sep 12 13:10:02 GMT 2008 

On Fri, 2008-09-12 at 13:59 +0200, Karolin Seeger wrote:
> Simo,
> 
> On Thu, Sep 11, 2008 at 09:21:34PM +0000, simo wrote:
> > On an AD DC, cretaed a user and 3 groups, nested the groups into each
> > other and to the last one added the user.
> > 
> > joined a samba server to the domain
> > 
> > set winbind use default domain = yes
> > 
> > ran 'id username' to see the memberships
> > ran also 'getent group'
> > 
> > That's about it.
> > 
> > ... re-reading bug ...
> > 
> > Ok re-reading the bug seem to confuse things a bit.
> > 
> > The real bug here is that
> > 
> > id username may return group names that are fully qualified when they
> > should not be eg: DOMAIN\group1, DOMAIN\group2 ... instead of correctly
> > returning just groups1, group2 ...
> > 
> > 
> > I was never able to reproduce the lack of group membership.
> 
> Cannot reproduce that one, also.
> 
> While trying to reproduce, I came accross the following issue:
> -----8<------------------snip--------------8<--------------
> bando:/usr/local/samba/var/locks # rm netsamlogon_cache.tdb
> winbindd_cache.tdb winbindd_idmap.tdb
> bando:/usr/local/samba/var/locks # cd ../..
> bando:/usr/local/samba # ./sbin/winbindd
> bando:/usr/local/samba # id willy
> uid=10000(willy) gid=10000(domänen-benutzer)
> Gruppen=10000(BUILTIN+administrators),10323(group00404)
> bando:/usr/local/samba # id willy
> uid=10000(willy) gid=10000(BUILTIN+administrators)
> Gruppen=10000(BUILTIN+administrators),10323(group00404)
> ----->8------------------snap-------------->8--------------
> 
> Looks strange...
> 
> Additionally, I cannot reproduce the nested groups thing.
> I added willy to a new group and added that group to another group. id
> always returns the membership of the first group. The second one is
> missing with and without your patch. What am I missing?

I think you have to change 'winbind expand groups'.
By default it is set to 1 (therefore no nesting), I had it set to
something like 32 IIRC.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <simo at redhat.com>

More information about the samba-technical mailing list