[Samba] winbind: problems with group names

Dirk Gouders gouders at et.bocholt.fh-gelsenkirchen.de
Fri Sep 16 01:35:52 MDT 2011


Dirk Gouders <gouders at et.bocholt.fh-gelsenkirchen.de> writes:

> Hi,
>
> I am running a 3.6.0 server as a member of a Samba4 domain controller
> and am noticing some behaviour that I do not understand (the domain is
> FB5, the domain member servers's name is tango)
>
> It took me some time to get winbind showing domain users and groups
> but finally with backend idmap_rid it is _nearly_ working.
> `getent passwd' and `gentent group' list domain users and groups:
>
> ...
> FB5+dg:*:1624:1013:dg:/home/FB5/dg:/bin/sh
>
> ...
> FB5+allowed rodc password replication group:x:1071:
> FB5+enterprise read-only domain controllers:x:998:
> FB5+denied rodc password replication group:x:1072:FB5+krbtgt
> FB5+read-only domain controllers:x:1021:
> FB5+group policy creator owners:x:1020:FB5+administrator
> FB5+ras and ias servers:x:1053:
> FB5+domain controllers:x:1016:
> FB5+enterprise admins:x:1019:FB5+administrator
> FB5+domain computers:x:1015:
> FB5+cert publishers:x:1017:
> FB5+dnsupdateproxy:x:1603:
> FB5+domain admins:x:1012:FB5+administrator
> FB5+domain guests:x:1014:
> FB5+schema admins:x:1018:FB5+administrator
> FB5+domain users:x:1013:
> FB5+dnsadmins:x:1602:
>
> But when I use other programs that should display user and group names,
> the group names are TANGO+none instead of FB5+something:
>
> $ id FB5+dg
> uid=1624(FB5+dg) gid=1013(TANGO+none) groups=1013(TANGO+none)
>
> # ls -la /home/FB5/dg/
> total 8
> drwx------ 2 FB5+dg TANGO+none 4096 Sep 15 10:46 .
> drwxr-xr-x 5 root   root       4096 Sep 15 11:28 ..
>
> I tried to remove group_mapping.tdb and winbindd_cache.tdb but that
> did not help.  From what I see if I run winbindd with -d (and from the
> above output), it seems as if it tries to do a group mapping in the
> domain TANGO (the name of the member server) which obviously fails but I
> have no idea what I probably have misconfigured.

I solved this problem myself: I did a fresh start of samba-3.6.0
(removed every tdb and dat files), rejoined the domain and now the group
names are shown correctly.

Dirk


More information about the samba mailing list