[Samba] "id" and "id username" don't match up when using Winbind groups

Graeme Humphries graeme.humphries at vcom.com
Tue Jun 7 17:45:07 GMT 2005


I've got a file server running Ubuntu / hoary, with Samba/Winbind
version 3.0.14a. We moved to this new(er) version because we recently
upgraded to Windows Server 2003 SP1, and so anything older than this was
horribly broken.

Unfortunately, our group problems don't appear to be completely gone.
I've got the PAM and NSS winbind stuff setup so that domain users appear
to be local users, but group membership seems to be still weirdly

"getent group network-group-name" shows that certain users are in a
group. "id username" shows that the user belongs to that group. But if I
"su - username && id", the group is mysteriously missing. As a result,
certain users cannot get into certain directories whose access is
controlled via group, whether it's on the commandline, through a Samba
share, or whatever else.

It's not all network groups that are affected, just a few ones at
random. However, it is consistent in that if a user is having problems
with a certain group, you can add and remove them from that group any
number of times, and they will always have problems with that group.

Any suggestions on how to fix / debug / workaround this problem would be
*greatly* appreciated.

Graeme Humphries

More information about the samba mailing list