samba4 - strange inconsistency in group membership
"Dr. Hansjörg Maurer"
hansjoerg.maurer at itsd.de
Tue Jul 22 14:23:37 MDT 2014
Hi
found the reason for this behavior and therefore will answer below the
question here myself...
Am 21.07.2014 15:16, schrieb Dr. Hansjoerg Maurer:
> Hi
>
>
>
> we have a samba4 based AD and I put several users into a windows group test_group using MMC.
>
>
> The group membership is shown, if I query it using
>
> samba-tool group listmembers test_group
> ...
> and if a do an
> id -a
> on a user in this group (using winbind on the samba4 AD-DC)
>
>
>
> But if I query the group using
>
> ldapsearch -P 3 -x -W -D "CN=A,OU=Users,DC=TEST-AD,DC=LAN" -H ldap://localhost -b "DC=TEST-AD,DC=LAN" -s sub "(cn=test_group)"
>
> member: CN=Firstname Lastname,OU=Users,DC=TEST-AD,DC=LAN
>
> ...
>
>
> or
>
>
> ldbedit -e vi -H /etc/samba/sam.ldb
>
>
> only some (about the half) members of the group are shown.
> What could be the reason for this inconsitency
The users, which are not listed as member of the group using ldapsearch
or ldbedit,
became member of the group by setting the group as there primaryGroupID.
Therefore this implicit membership ist not added as an explicit member
in the group object.
Unix (winbind) and Windows (MMC) honor and resolve this implicit membership.
The ldap query above does not.
Regards
Hansjörg
>
> Regards
>
> Hansjörg
>
>
>
>
>
>
>
More information about the samba-technical
mailing list