[Samba] RE: wbinfo - Missing Domain Groups

Ryan Frantz RyanFrantz at informed-llc.com
Tue Jun 22 20:17:34 GMT 2004

In delving deeper into my problem, I have found one common denominator
in all of the domain groups that are not presented when I run 'wbinfo
-g'.  Each of them is set up with a Global Scope of 'Domain Local'.  The
other options available for this configuration setting are 'Global'
(these groups show up!), and 'Universal' (don't have any of these).

I don't know much about this setting.  Any MCSEs out there that do?

I could recreate those groups, but I'm worried that it may impact my
current protections since a new SID will be created.

Anybody have any ideas?  Can winbind be configured to see these types of
groups as well?

See my original post below for more information.



-----Original Message-----
From: Ryan Frantz 
Sent: Thursday, June 17, 2004 6:26 PM
To: 'samba at lists.samba.org'
Subject: wbinfo - Missing Domain Groups

Has anybody found that the 'wbinfo' command does not list all groups in
a Windows domain?

Here's what's in my playground:

Windows 2000 Server SP4 PDC

RH 9 (2.4.20-6)
OpenSSL 3.8p1
MIT Kerberos 1.3.3
Samba 3.0.4

--begin 'smb.conf' snip-

   winbind separator = .
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   winbind enum users = yes
   winbind enum groups = yes

   security = ads

   password server = *

;   passdb backend = tdbsam

--end 'smb.conf' snip-

As you can see, I have Samba (winbind, really) configured to enumerate
users and groups.  However, when I run 'wbinfo -g' the output does not
show all of my Windows groups.  Neither does 'getent group'.  I'm
looking for something in the Windows/domain configuration but haven't
found anything yet.

This is hindering me from deploying a Samba file server as some of those
'missing' groups own sensitive directories on our aging (Windows) file

Anyone have any ideas?


More information about the samba mailing list