[Samba] Wrong groups with 'wbinfo -r user' but right groups with
'id user'
Francois Toussenel
ft at inl.fr
Thu Oct 26 16:55:58 GMT 2006
Hello,
Using samba 3.0.23c on Debian 3.1 (package version 3.0.23c-1~bpo.1 from
sarge-backports) or version 3.0.14a (package version 3.0.14a-3sarge2 from
sarge), I experience the following problem on a file server on a Windows
2003 domain with Active Directory.
Some test user can access group shares of groups he is not in, or
cannot access group shares of groups he is in. The output of the
following 2 commands show different group IDs:
wbinfo -r 'DOMAIN\test_user'
id 'DOMAIN\test_user'
The first command shows a total of 30 GIDs, some of which are correct and
some are not. The second command shows 14 groups, all of which seem to be
correct (except that using version 3.0.23c from the backports, I get a
spurious GID which does not have a group name, but this might be a side
issue).
Another test I ran was the command id (without arguments) after
"su - 'DOMAIN\test_user'". This also shows 30 groups, as with the first
command.
It seems to me that my problem might not be really similar to the
problem(s) described in those 2 messages:
http://lists.samba.org/archive/samba/2006-September/125643.html
http://lists.samba.org/archive/samba/2006-October/126101.html
Indeed, in those messages, there is only one group listed by the second
command. I also have this kind of result with a certain smb.conf
configuration (I think it is the case when I comment out the variable
"winbind enum groups").
Here is some parts of my smb.conf file:
winbind cache time = 300
security = ads
domain master = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
winbind use default domain = no
winbind trusted domains only = no
restrict anonymous = 2
winbind nested groups = yes
auth methods = winbind
winbind enum users = yes
winbind enum groups = yes
Also, when I tried samba version 3.0.23c, I also had this line:
idmap backend = ad
My /etc/nsswitch.conf file contains those lines, among others:
passwd: compat winbind
group: compat winbind
shadow: compat
Does anyone have an idea about the cause of this problem?
Regards,
Francois.
More information about the samba
mailing list