[Samba] getent group not working

[Rowland Penny]

On 08/08/12 12:38, Rowland Penny wrote:
> On 08/08/12 11:59, steve wrote:
>> Hi
>> Ubuntu 12.04 LTS client with 3.6.3 joined to the Samba4 AD domain.
>> smb.conf
>> winbind enum users = Yes
>> winbind enum groups = Yes
>> idmap config *:backend=tdb
>> idmap config *:range=10000-19999
>> idmap config ALTEA:backend=ad
>> idmap config ALTEA:range=20000-40000000
>>
>> getent passwd and wbinfo -u returns all AD users correctly
>> wbinfo -g returns all AD groups correctly
>> getent group fails. Only local groups are returned.
>>
>> getent group works OK on the Samba4 DC.
>>
>> I have disabled firewalls at both ends and torn down apparmor at both 
>> ends.
>>
>> Any ideas anyone?
>> Cheers,
>> Steve
>
> Hi, I am also getting this on Xubuntu 12.04 against a Samba 4 domain, 
> but 'getent group linuxusers' does return the following info,
> linuxusers:x:3000012:
> and you can create dirs and files and chgrp them to the domain group.
>
> My smb.conf
>         idmap config * : backend = tdb
>         idmap config * : range = 1100-2000
>         idmap config HOME : backend = ad
>         idmap config HOME : range = 3000000-3100000
>         idmap config HOME : schema_mode = rfc2307
>
> I do not understand why 'getent group' only returns local groups when 
> 'getent group linuxusers' does returns the info.
>
> Rowland
>
>

More info, with 'winbind use default domain = yes' in smb.conf on the 
client, 'getent group linuxusers' returns the info. Remove 'winbind use 
default domain = yes' from smb.conf and restart nmbd,smbd & winbind, 
'getent group linuxusers' now returns nothing, put the line back & 
restart the daemons and the info comes back.

Why does one line in smb.conf make such a big difference?

Rowland

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.