[Samba] Samba Groups questions

Duncan Brannen dbb at st-andrews.ac.uk
Wed Aug 27 16:17:22 GMT 2008


Short answer, yes.

You should/do get all the groups listed with ifmember /list but get 
different results
with the Solaris nsswitch.conf than padl's nsswitch.conf. I have it 
working, through
changing only this one library.  There may of course have been problems 
with my
ldap_client_file that didn't show up at the OS level but scuppered what 
samba was asking
for.  Didn't see any error messages though.

Cheers.

Duncan Brannen wrote:
>
> Hi,
>      When Samba is running as a PDC and a workstation is joined to the 
> Domain, should the user
> logged into the workstation be able to see all the groups they are a 
> member of using `ifmember /list`?
> Is the below output as expected?  I'm I correct thinking that as all 
> my groups originate
> in the Unix world, I don't need winbind to allow the Workstations to 
> see them?
>
> For what it's worth, Solaris 10 (Sparc) Samba 3.2.1 and OpenLDAP, 
> everything bar
> the Samba version should be irrelevant as it's hidden behind nsswitch 
> and passdb backend?
>
> It's a clean OS / Ldap install with the smbldap tools used to populate 
> the directory and create
> the user, then 'net rpc' used to create groups and add members.
>
> Thanks,
>             Duncan
>
> -----
> On the PDC
> /usr/local/samba/bin/net rpc group members room11 -Uroot%password
> CROOMTEST\dunk
>
> /usr/local/samba/bin/net groupmap list
> Domain Admins (S-1-5-21-440367617-1876916578-3462541782-512) -> Domain 
> Admins
> Domain Users (S-1-5-21-440367617-1876916578-3462541782-513) -> Domain 
> Users
> Domain Guests (S-1-5-21-440367617-1876916578-3462541782-514) -> Domain 
> Guests
> Domain Computers (S-1-5-21-440367617-1876916578-3462541782-515) -> 
> Domain Computers
> Administrators (S-1-5-32-544) -> Administrators
> Account Operators (S-1-5-32-548) -> Account Operators
> Print Operators (S-1-5-32-550) -> Print Operators
> Backup Operators (S-1-5-32-551) -> Backup Operators
> Replicators (S-1-5-32-552) -> Replicators
> room11 (S-1-5-21-440367617-1876916578-3462541782-3003) -> room11
> room9 (S-1-5-21-440367617-1876916578-3462541782-3005) -> room9
>
> getent group
> ...
> room11::1001:dunk
>
> getent passwd
> ...
> dunk:x:1000:512:System User:/home/dunk:/bin/bash
>
> -----
> On the workstation
>
> net group /domain room11
>
> returns dunk as a member
>
> net group /domain
>
> returns a list of all the groups mapped on the pdc that start S-1-5-21-
>
> ifmember /list
>
> returns the primary group CROOMTEST\Domain Admins
> \Everyone
> BUILTIN\Administrators
> BUILTIN\Users
> \Local
> NT Authority\INTERACTIVE
> NT Authority\Authneticated Users
>
>
>


-- 
The University of St Andrews is a charity registered in Scotland : No SC013532



More information about the samba mailing list