[Samba] Wrong groups with 'wbinfo -r user' but right groups with'id user'

Peter Trifonov petert at dcn.infos.ru
Fri Oct 27 07:06:26 GMT 2006


> The first command shows a total of 30 GIDs, some of which are 
> correct and some are not.  The second command shows 14 
> groups, all of which seem to be correct (except that using 
> version 3.0.23c from the backports, I get a spurious GID 
> which does not have a group name, but this might be a side issue).
> Another test I ran was the command id (without arguments) 
> after "su - 'DOMAIN\test_user'".  This also shows 30 groups, 
> as with the first command.
> It seems to me that my problem might not be really similar to the
> problem(s) described in those 2 messages:
> http://lists.samba.org/archive/samba/2006-September/125643.html
> http://lists.samba.org/archive/samba/2006-October/126101.html
> Indeed, in those messages, there is only one group listed by 
> the second command.  I also have this kind of result with a 
> certain smb.conf configuration (I think it is the case when I 
> comment out the variable "winbind enum groups").

I have just tried enabling "winbind enum groups" (WEG) and got exactly the
same behaviour as you have described.
1. wbinfo -r  shows  spurious GID (both with WEG=yes and WEG=no)
2. id shows all groups with WEG=yes and only "Domain Users" with WEG=no
3. If WEG=yes, the user can access a directory of his group, but with WEG=no
this is not possible. 
I did not see incorrect group membership, but this is probably because there
are not so many groups in my setup.

I have 2 domain controllers in my network, one Win2K and one W2003. 
netstat shows that ldap and microsoft-ds sessions are established with W2003

With best regards,
P. Trifonov  

More information about the samba mailing list