[Samba] getent group and net ads user info differs

Cristian Saavedra csg at asualcance.com
Thu Apr 4 16:46:46 MDT 2013 

Fixed!

[root at dominio Policies]# samba-tool dbcheck
Checking 1394 objects
ERROR: orphaned backlink attribute 'memberOf' in CN=lisanyurimicolta,CN=Users,DC=forsa,DC=com,DC=co for link member in CN=SIIF,CN=Users,DC=forsa,DC=com,DC=co
Not removing orphaned backlink member
ERROR: orphaned backlink attribute 'memberOf' in CN=lisanyurimicolta,CN=Users,DC=forsa,DC=com,DC=co for link member in CN=Comercial,CN=Users,DC=forsa,DC=com,DC=co
Not removing orphaned backlink member
ERROR: incorrect DN string component for member in object CN=SIIF,CN=Users,DC=forsa,DC=com,DC=co - <GUID=7ba58aea-6479-41a6-9e7c-cf69e62aad35>;CN=lisanyurimicolta,CN=Users,DC=forsa,DC=com,DC=co
Not fixing incorrect string version of DN
ERROR: incorrect DN string component for member in object CN=Comercial,CN=Users,DC=forsa,DC=com,DC=co - <GUID=7ba58aea-6479-41a6-9e7c-cf69e62aad35>;CN=lisanyurimicolta,CN=Users,DC=forsa,DC=com,DC=co
Not fixing incorrect string version of DN
Please use --fix to fix these errors
Checked 1394 objects (4 errors)

So i re ran the process with --fix and now i can see the user.

El 4/04/2013, a las 12:24, Cristian Saavedra <csg at asualcance.com> escribió:

> 
> Hello Kevin
> 
> The group is on the samba AD and i don't have nis installed on this server, the nsswitch.conf is this.
> 
> passwd:     files winbind
> shadow:     files winbind
> group:      files winbind
> 
> My OS is Centos 6.3
> 
> El 4/04/2013, a las 10:42, "Shaw, Kevin" <Kevin.Shaw at xerox.com> escribió:
> 
>> Cristian,
>> 
>> The group commercial is in /etc/group or NIS group?
>> 
>> cat /etc/group | grep lisanyurimicolta
>> 
>> ypcat -k group | grep lisanyurimicolta
>> 
>> If group is configured correctly I would look at /etc/nsswitch.conf. I don't know what OS you are running, this is where name switching is configured in Solaris.
>> 
>> HTH,
>> 
>> -Kevin
>> 
>> -----Original Message-----
>> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Cristian Saavedra
>> Sent: Thursday, April 04, 2013 7:45 AM
>> To: samba at lists.samba.org
>> Subject: [Samba] getent group and net ads user info differs
>> 
>> Hello
>> 
>> I have a samba 4.0.3 pdc and a samba 3.5.10 as a fileserver and i am  having an issue that i like to share with you.
>> 
>> I have a share son the samba 3 setup like this
>> 
>> [Comercial]
>>       browsable = Yes
>>       comment = Comercial
>>       path = /shares2/Comercial
>>       valid users = @Ingenieria, @Mercadeo, @Comercial, @SIIF, @Costos, administrador, backup
>>       write list = @Comercial, @Mercadeo, @Ingenieria, administrador, claudiavillegas, manuelaparicio
>>       read list = @Comercial, @SIIF, , at Almacen, @Costos, @Uruguay, @Ingenieria, backup
>>       force create mode = 666
>>       force directory mode = 777
>> 	veto files = /*.exe/*.com/*.dll/*.mp3/*.bat/
>> 
>> As you can see the Comercial group is authorized to read and write, so i have this user lisanyurimicolta she is on the Comercial group:
>> 
>> [root at srvfs audit]# net ads user info lisanyurimicolta
>> Domain Users
>> TerminalServer
>> politicas3
>> SIIF
>> Comercial
>> [root at srvfs audit]#
>> 
>> srvfs is my samba 3.x server, but then she can't write on the share, so i'm executing a getent group to validate that she is on that group for the winbind, but i get this
>> 
>> [root at srvfs audit]# getent group comercial
>> comercial:*:16777233:claralibreros,christiancano,danilocampo,anabedoya,guillerminagarcia,humbertocardona,marthamurillo,pruebas,yoancanabal,andreasaa,adrianazapata,jhonrealpe,maryamgamboa,jassonaperador,adolfotrullo,christhianjimenez,mariaguerrero,mariomunera,mauricioperdomo,melbaorejuela,paolagomez,richardordonez,ginagarces,juanagudelo,adrianalopez,andrespossu,dianaolano,yulymejia,edwinyepes,jenniferbazantes,ronaldduque,maribelgomez,linabanol,lauramulcue,johncastillo,luzgallego,giovannysotomayor,andresgutierrez,arlexcardona,jonathangaviria,victorianavia,andrescampino
>> 
>> Why is this happening? any suggestions? 
>> 
>> Thanks for your help.
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list