Expand groups with Samba 4.15
Rowland Penny
rpenny at samba.org
Tue Jun 28 12:50:10 UTC 2022
On Tue, 2022-06-28 at 14:23 +0200, Robert Weilharter via samba-
technical wrote:
> We have the following AD-setup:
>
> Domain: USERS: Most regular users and groups exist in this domain
> Subdomain: SERVER.USERS: samba server is joined in this domain
I take it, that by 'Domain' you mean 'netbios domain'. if so, you
shouldn't use a period in one, so your netbios domain should be
something like 'SERVERUSERS' or 'SERVER_USERS', a bit late now.
>
> smb.conf has "winbind expand groups = 1"
>
> After upgrade to 4.15 (latest version on RHEL 8) "wbinfo --group-
> info
> USERS\\somegroup" did not expand groupmembers.
>
> Reason is, the default for "winbind scan trusted domains" changed to
> "no".
>
> Queries for users in domain USERS with wbinfo still work as
> expected.
> Most queries regarding
> groups do not work at all (group not shown) or give incomplete
> results
> (no group members expanded).
>
> All queries for users and groups in SERVER.USERS work as expected.
>
> After setting "winbind scan trusted domains = yes" everything works
> as
> it did with version 4.11.
>
> The release notes for 4.15 state "`winbind scan trusted domains` will
> be
> deprecated in one of the next releases."
>
> In our current setup this parameter is needed.
>
> Is this expected behavior, or should we report a bug?
Probably both.
I came to the same conclusion yesterday while replying to a post on the
samba mailing list, I was awaiting a reply to that, to confirm it one
way or another. It looks like I do not have to wait.
Rowland
More information about the samba-technical
mailing list