[Samba] winbind and group membership
Martin Vuille
martin at jpmvrealtime.com
Thu Feb 16 05:12:39 MST 2012
Having a very similar problem:
I am using pam_winbind to login to a workstation using domain
credentials. The login works fine and the logged-in user
is assigned his primary domain group membership, but not his
secondary domain group membership(s).
Configuration:
- NT Domain
- PDC is Samba Version 3.5.11-79.fc14 running on Linux
2.6.35.14-106.fc14.i686
- Workstation is Samba Version 3.6.3-78.fc16 running on Linux
3.2.5-3.fc16.x86_64
Everything appears to be configured properly:
- Domain logins work fine
- "wbinfo -g" lists all the domain groups
- "wbinfo --user-groups=<username>" lists the GIDs mapped to
all the domain groups assigned to the user
- "getent group" includes all the domain groups and correctly
shows the domain users assigned to the domain groups
But:
- "groups" and "id" only list the primary group assigned to the user
If I do "newgrp <secondary_domain_group>" to change to the secondary
group, then "groups" and "id" show both the primary and secondary groups.
Am I misunderstanding something and this is the expected behaviour?
I'm fairly certain this used to work as I expect a couple of upgrades
ago (sorry, don't remember Samba version). If not, any suggestions for
fixing this?
MV
More information about the samba
mailing list