[Samba] samba4 missing group membership with getent group

Rowland Penny rowlandpenny at googlemail.com
Mon Jun 24 04:26:19 MDT 2013


If you are using S4 as an AD DC then you are using the built-in winbind and
as far as I can see, this cannot provide group memberships via getent.

I could be wrong but I believe that all the built-in winbind pulls from AD
is the user's name & the user's primary group. These are either via some
algorithm or via rfc2307 uidNumber & gidNumber that must be added manually.

As far as I can see, the only way to get getent on the S4 server to show
group members is to use sssd.

If you want to use the S4 server also as a fileserver, you must ensure that
the users have the same uidNumber everywhere. This means that you must use
rfc2307 attributes and use something to pull them, i.e. the winbind ad
backend or sssd; the winbind rid backend will not do - it will never give
you the same uidNumber on the S3 clients as on the S4 AD server.


On 24 June 2013 07:05, <Philippe.Simonet at swisscom.com> wrote:

> Hi
>
> that’s my setting today (AD with 4.06 and files server with 3.6). Working
> great, but my goal is really to get rid of that (just one machine).
>
> thanks and regards
>
> philippe
>
> *From:* Ali Bendriss [mailto:ali.bendriss at gmail.com]
> *Sent:* Friday, June 21, 2013 3:39 PM
> *To:* samba at lists.samba.org
> *Cc:* Rowland Penny; Simonet Philippe, ITS-OUS-OP-IFM-NW-IPE
>
> *Subject:* Re: [Samba] samba4 missing group membership with getent group
>
> On Friday, June 21, 2013 10:12:26 AM Rowland Penny wrote:
>
> > Hi, well yet another reason to use sssd instead of winbind.
>
> > [...]
>
> Hi,
>
> Another option is to use samba AD in one server and the file server (smbd
> + winbindd) in another. Since I've done that (last year I think) I've got
> no problem at all. At first you may think that it's too much resources (2
> servers or vm) but it's really flexible and easy to maintain.
>
> --
>
> Ali
>
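
An added example, not part of the original thread: a Python check for the two symptoms discussed above (differing uidNumber/gidNumber between hosts, and group members missing from `getent group` on the DC), run over `getent passwd` and `getent group` output captured on each machine. The sample lines, the EXAMPLE domain, the IDs and all function names are constructed for illustration.

```python
# Added example: compare getent output captured on an AD DC and a file server.
# Constructed sample output; the EXAMPLE domain and all IDs are made up.
DC_PASSWD = r"""EXAMPLE\alice:*:3000017:100::/home/EXAMPLE/alice:/bin/false
EXAMPLE\bob:*:10001:10000::/home/EXAMPLE/bob:/bin/bash"""
FS_PASSWD = r"""EXAMPLE\alice:*:10000:10000::/home/EXAMPLE/alice:/bin/bash
EXAMPLE\bob:*:10001:10000::/home/EXAMPLE/bob:/bin/bash"""
DC_GROUP = r"""EXAMPLE\domain users:x:10000:"""
FS_GROUP = r"""EXAMPLE\domain users:x:10000:EXAMPLE\alice,EXAMPLE\bob"""


def parse_passwd(text):
    """Map lower-cased user name -> (uid, primary gid) from passwd-format lines."""
    users = {}
    for line in text.splitlines():
        f = line.strip().split(":")
        if len(f) >= 7 and f[2].isdigit() and f[3].isdigit():
            users[f[0].lower()] = (int(f[2]), int(f[3]))
    return users


def parse_group(text):
    """Map lower-cased group name -> (gid, set of members) from group-format lines."""
    groups = {}
    for line in text.splitlines():
        f = line.strip().split(":")
        if len(f) >= 4 and f[2].isdigit():
            groups[f[0].lower()] = (int(f[2]), {m.lower() for m in f[3].split(",") if m})
    return groups


def id_mismatches(a, b):
    """Users known to both hosts whose uid or primary gid differ: files owned by
    one ID on the file server would map to a different account on the other host."""
    return {u: (a[u], b[u]) for u in a.keys() & b.keys() if a[u] != b[u]}


def missing_members(dc_groups, ref_groups):
    """Per group, members listed on the reference host but absent on the DC."""
    out = {}
    for name, (_, ref_members) in ref_groups.items():
        lost = ref_members - dc_groups.get(name, (None, set()))[1]
        if name in dc_groups and lost:
            out[name] = sorted(lost)
    return out


if __name__ == "__main__":
    print(id_mismatches(parse_passwd(DC_PASSWD), parse_passwd(FS_PASSWD)))
    print(missing_members(parse_group(DC_GROUP), parse_group(FS_GROUP)))
```
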

