Expand groups with Samba 4.15

Rowland Penny rpenny at samba.org
Tue Jun 28 12:50:10 UTC 2022

On Tue, 2022-06-28 at 14:23 +0200, Robert Weilharter via samba-
technical wrote:
> We have the following AD-setup:
> Domain: USERS: Most regular users and groups exist in this domain
> Subdomain: SERVER.USERS: samba server is joined in this domain

I take it, that by 'Domain' you mean 'netbios domain'. if so, you
shouldn't use a period in one, so your netbios domain should be
something like 'SERVERUSERS' or 'SERVER_USERS', a bit late now.

> smb.conf has "winbind expand groups = 1"
> After upgrade to 4.15 (latest version on RHEL 8) "wbinfo --group-
> info 
> USERS\\somegroup" did not expand groupmembers.
> Reason is, the default for "winbind scan trusted domains" changed to
> "no".
> Queries for users in domain USERS with wbinfo still work as
> expected. 
> Most queries regarding
> groups do not work at all (group not shown) or give incomplete
> results 
> (no group members expanded).
> All queries for users and groups in SERVER.USERS work as expected.
> After setting "winbind scan trusted domains = yes" everything works
> as 
> it did with version 4.11.
> The release notes for 4.15 state "`winbind scan trusted domains` will
> be 
> deprecated in one of the next releases."
> In our current setup this parameter is needed.
> Is this expected behavior, or should we report a bug?

Probably both.
I came to the same conclusion yesterday while replying to a post on the
samba mailing list, I was awaiting a reply to that, to confirm it one
way or another. It looks like I do not have to wait.


More information about the samba-technical mailing list