Expand groups with Samba 4.15
Robert Weilharter
robert.weilharter at univie.ac.at
Tue Jun 28 12:23:45 UTC 2022
We have the following AD-setup:
Domain: USERS: Most regular users and groups exist in this domain
Subdomain: SERVER.USERS: samba server is joined in this domain
smb.conf has "winbind expand groups = 1"
After upgrade to 4.15 (latest version on RHEL 8) "wbinfo --group-info
USERS\\somegroup" did not expand groupmembers.
Reason is, the default for "winbind scan trusted domains" changed to "no".
Queries for users in domain USERS with wbinfo still work as expected.
Most queries regarding
groups do not work at all (group not shown) or give incomplete results
(no group members expanded).
All queries for users and groups in SERVER.USERS work as expected.
After setting "winbind scan trusted domains = yes" everything works as
it did with version 4.11.
The release notes for 4.15 state "`winbind scan trusted domains` will be
deprecated in one of the next releases."
In our current setup this parameter is needed.
Is this expected behavior, or should we report a bug?
Thanks,
Rober
More information about the samba-technical
mailing list