Winbindd and Domain local groups

Andreas Schneider asn at
Wed Nov 6 01:11:44 MST 2013

On Tuesday 05 November 2013 04:07:25 Solaiyappan Perichiappan wrote:
> Hi,


> I have been trying to use Winbindd in SLES 11 SP3 (Samba version
> 3.6.3-17.25.1) to fetch AD (Windows 2008 R2) identities into the Linux box
> and currently running into some problem w.r.t domain local groups and
> thought I could get some help here..
> I have a two domain setup, in which DOMAIN1 is the parent domain and DOMAIN2
> is the child domain. I have 2 users DOMAIN1\user1, DOMAIN2\user2 and they
> are part of a global group DOMAIN1\group1 and DOMAIN2\group2 respectively.
> I have joined my SLES box to the DOMAIN1 (net ads join -U Administrator). I
> have also created a new domain local group in DOMAIN2 called
> DOMAIN2\domainlocal2 and added DOMAIN1\group1 and DOMAIN2\group2 as members
> of this domain local group.
> With this setup, if I see wbinfo --user-sids=<SID of DOMAIN2\user2> or 
> wbinfo --user-domgroups=<SID of DOMAIN2\user2>, I could see that the user
> is a member of DOMAIN2\domainlocal2 (along with the global group
> DOMAIN2\group2). But, If I do the same thing for the user DOMAIN1\user1, I
> don't find DOMAIN2\domainlocal2 as a valid group (I could find the global
> group DOMAIN1\group1 in the list)

I've fixed a lot of bugs in this area. Could you try with the latest 3.6.x 

	-- andreas

Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at

More information about the samba-technical mailing list