[Samba] Missing secondary groups
Gaiseric Vandal
gaiseric.vandal at gmail.com
Mon Nov 29 06:54:17 MST 2010
My configuration has Samba domain controllers, not Windows domain
controllers, so my setup may not be applicable to you.
However, in order for unix to use windows groups I believe it needs to
use "getent group" to pull the information from winbind. First of all,
you need to make sure that winbind itself is showing users and/or groups
from the Windows server
"wbinfo -u"
"wbinfo -g"
Then you need to make sure that /etc/nsswitch.conf has been updated for
winbind e.g
passwd: files ldap winbind
group: files ldap winbind
nsswitch.conf is used by things like getent and id.
If you are using pam_smb (I have not) the above information may not be
relative.
On 11/29/2010 01:27 AM, Peter Trifonov wrote:
> Hi,
>
>
>> Does "getent group" show the "Windows" groups?
>>
> No, it does not.
>
>
>
>>> However, the id command displays only the primary group for domain
>>> users.
>>> Furthermore, domain users are not able to access any files owned by
>>>
> their
>
>> > non-primary domain groups.
>>
>>> For example, running
>>> $ id petert
>>> results in the following output:
>>> uid=10000(petert) gid=10009(domain users) groups=10009(domain users)
>>>
> With best regards,
> P. Trifonov
>
More information about the samba
mailing list