Expand groups with Samba 4.15

Robert Weilharter robert.weilharter at univie.ac.at
Tue Jun 28 12:23:45 UTC 2022

We have the following AD-setup:

Domain: USERS: Most regular users and groups exist in this domain
Subdomain: SERVER.USERS: samba server is joined in this domain

smb.conf has "winbind expand groups = 1"

After upgrade to 4.15 (latest version on RHEL 8) "wbinfo --group-info 
USERS\\somegroup" did not expand groupmembers.

Reason is, the default for "winbind scan trusted domains" changed to "no".

Queries for users in domain USERS with wbinfo still work as expected. 
Most queries regarding
groups do not work at all (group not shown) or give incomplete results 
(no group members expanded).

All queries for users and groups in SERVER.USERS work as expected.

After setting "winbind scan trusted domains = yes" everything works as 
it did with version 4.11.

The release notes for 4.15 state "`winbind scan trusted domains` will be 
deprecated in one of the next releases."

In our current setup this parameter is needed.

Is this expected behavior, or should we report a bug?



More information about the samba-technical mailing list