[Samba] Re: winbind can see some groups but not others
Jonathan C. Detert
detertj at msoe.edu
Fri Feb 10 21:01:36 GMT 2006
* detertj <detertj> [060208 14:45]:
> Hello,
>
> I followed the steps at
> http://www.enterprisenetworkingplanet.com/netos/article.php/3487081
> for adding a v3.0.21a samba and winbindd server to a MsAD domain and
> configuring nsswitch.conf to find passwd and group info from winbind.
>
> This seems to have worked out fine, except that I can't 'see' or
> 'recognize' certain groups via getent or via wbinfo -g.
>
> E.g. I can see the 'ccsd-staff' group via getent and wbinfo -g, but i
> don't see the 'ccsd-dept-www' group via either.
-- snip --
> Anyone know what's wrong or have an idea of how to debug? Thanks
I just stumbled on the explanation and solution:
'wbinfo -g' and 'getent group' use the samaccountname attribute of the
group object, but for my 'missing' groups, the samaccountname attrib
value was not the same as the 'cn' and 'name' attribs value.
Once I set the samAccountName value to be the same as the
cn, the 'missing' groups were no longer missing from 'wbinfo -g' or
'getent group'.
The 'missing' groups had been created by me via a script using ldap. At
the time i created them, i didn't know that i needed to also set the
'samaccountname' attribute, so it was getting automagically set with a
seemingly arbitrary value. The MsAD-U&G app never give any indication
that the 2 weren't in synch.
--
Happy Landings,
Jon Detert
IT Systems Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A.
More information about the samba
mailing list