s4: Groups not showing up on OS X

Michael Wood esiotrot at gmail.com
Thu Jun 3 09:50:33 MDT 2010 

Hi

I've set up a test Samba4 machine and joined an OS X 10.6 (Snow
Leopard) server to the domain.  In Workgroup Manager I can see the
users and I can use "id" to see UID and primary GID etc., but the
Active Directory groups that the user belongs to are nowhere to be
found.

Workgroup Manager just shows no groups.
id shows the primary group ID, but no group name and no other AD
groups that the user belongs to.
The command line dscl tool shows:

# dscl
Entering interactive mode... (type "help" for commands)
> ls
Active Directory
BSD
Local
Contact
Search
> cd /Active\ Directory/
/Active Directory > ls
All Domains
/Active Directory > cd All\ Domains/
/Active Directory/All Domains > ls
CertificateAuthorities
Computers
FileMakerServers
Groups
People
Printers
Users
/Active Directory/All Domains > cd Groups
/Active Directory/All Domains/Groups > ls
No RecordName
No RecordName
No RecordName
No RecordName
No RecordName
No RecordName
No RecordName
No RecordName
No RecordName
No RecordName
No RecordName
No RecordName
No RecordName
No RecordName
No RecordName
No RecordName
/Active Directory/All Domains/Groups >

I can read the attributes of a particular group, though.

e.g.:

/Active Directory/All Domains/Groups > read "Domain Users"
dsAttrTypeNative:ADDomain: samba.example.org
dsAttrTypeNative:CN:
 Domain Users
dsAttrTypeNative:description:
 All domain users
dsAttrTypeNative:distinguishedName:
 CN=Domain Users,CN=Users,DC=samba,DC=example,DC=org
dsAttrTypeNative:dn:
 CN=Domain Users,CN=Users,DC=samba,DC=example,DC=org
dsAttrTypeNative:groupType: -2147483646
dsAttrTypeNative:instanceType: 4
dsAttrTypeNative:isCriticalSystemObject: TRUE
dsAttrTypeNative:memberOf: CN=Users,CN=Builtin,DC=samba,DC=example,DC=org
dsAttrTypeNative:name:
 Domain Users
dsAttrTypeNative:objectCategory:
CN=Group,CN=Schema,CN=Configuration,DC=samba,DC=example,DC=org
dsAttrTypeNative:objectClass: top group
dsAttrTypeNative:objectSid:
 01050000 00000005 15000000 72d401f1 ea359bf2 85133f11 01020000
dsAttrTypeNative:sAMAccountName:
 Domain Users
dsAttrTypeNative:sAMAccountType: 268435456
dsAttrTypeNative:uSNChanged: 3544
dsAttrTypeNative:uSNCreated: 3544
dsAttrTypeNative:whenChanged: 20100524102721.0Z
dsAttrTypeNative:whenCreated: 20100524102721.0Z
AppleMetaNodeLocation:
 /Active Directory/samba.example.org
Comment:
 All domain users
GeneratedUID: EB5E2F81-CA46-48D9-8FCC-8F99E04E6BCC
Password: *
PrimaryGroupID: 1801334657
RecordName:
 No RecordName
RecordType: dsRecTypeStandard:Groups
SMBSID: S-1-5-21-4043428978-4070258154-289346437-513

Where should I look to fix this?

Thanks.

More information about the samba-technical mailing list