[Samba] RE: wbinfo - Missing Domain Groups
RyanFrantz at informed-llc.com
Tue Jun 22 20:17:34 GMT 2004
In delving deeper into my problem, I have found one common denominator
in all of the domain groups that are not presented when I run 'wbinfo
-g'. Each of them is set up with a Global Scope of 'Domain Local'. The
other options available for this configuration setting are 'Global'
(these groups show up!), and 'Universal' (don't have any of these).
I don't know much about this setting. Any MCSEs out there that do?
I could recreate those groups, but I'm worried that it may impact my
current protections since a new SID will be created.
Anybody have any ideas? Can winbind be configured to see these types of
groups as well?
See my original post below for more information.
From: Ryan Frantz
Sent: Thursday, June 17, 2004 6:26 PM
To: 'samba at lists.samba.org'
Subject: wbinfo - Missing Domain Groups
Has anybody found that the 'wbinfo' command does not list all groups in
a Windows domain?
Here's what's in my playground:
Windows 2000 Server SP4 PDC
RH 9 (2.4.20-6)
MIT Kerberos 1.3.3
--begin 'smb.conf' snip-
winbind separator = .
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
security = ads
password server = *
; passdb backend = tdbsam
--end 'smb.conf' snip-
As you can see, I have Samba (winbind, really) configured to enumerate
users and groups. However, when I run 'wbinfo -g' the output does not
show all of my Windows groups. Neither does 'getent group'. I'm
looking for something in the Windows/domain configuration but haven't
found anything yet.
This is hindering me from deploying a Samba file server as some of those
'missing' groups own sensitive directories on our aging (Windows) file
Anyone have any ideas?
More information about the samba