[Samba] winbind and group membership

Martin Vuille martin at jpmvrealtime.com
Thu Feb 16 05:12:39 MST 2012

Having a very similar problem:

I am using pam_winbind to login to a workstation using domain
credentials. The login works fine and the logged-in user
is assigned his primary domain group membership, but not his
secondary domain group membership(s).

- NT Domain
- PDC is Samba Version 3.5.11-79.fc14 running on Linux
- Workstation is Samba Version 3.6.3-78.fc16 running on Linux

Everything appears to be configured properly:
- Domain logins work fine
- "wbinfo -g" lists all the domain groups
- "wbinfo --user-groups=<username>" lists the GIDs mapped to
  all the domain groups assigned to the user
- "getent group" includes all the domain groups and correctly
  shows the domain users assigned to the domain groups

- "groups" and "id" only list the primary group assigned to the user

If I do "newgrp <secondary_domain_group>" to change to the secondary 
group, then "groups" and "id" show both the primary and secondary groups.

Am I misunderstanding something and this is the expected behaviour?
I'm fairly certain this used to work as I expect a couple of upgrades
ago (sorry, don't remember Samba version). If not, any suggestions for 
fixing this?


More information about the samba mailing list