[Samba] enumerating group members with nss_winbind (4.0.9 as AD DC)

Trent W. Buck trentbuck at gmail.com
Tue Oct 29 18:30:54 MDT 2013

steve <steve at steve-ss.com> writes:

> On Tue, 2013-10-29 at 20:37 +1100, Trent W. Buck wrote:
>> Volker Lendecke <Volker.Lendecke at SerNet.DE> writes:
>> > On Tue, Oct 29, 2013 at 03:44:40PM +1100, Trent W. Buck wrote:
>> >> When I do "getent group", I want to see the group's members enumerated.
>> >> With nss_ldap they are; with nss_winbind they aren't:
>> >
>> > What is the exact Samba domain member version you are using?
>> Sorry, I dunno what that is.
>> I asked google, but all I found was this thread :-)
>> How can I check?
> I think the question means where are you trying to do this. As I
> understand, you are trying to do it on a 4.0.9 DC, so the answer may be,
> 'I'm not using a domain member. This is a 4.0.9 DC'?

Ah, sorry for not including enough background.
I'll try to cover it below.

The end goal is a single samba4 server running the whole show as an AD
DC -- no other DCs at all -- and desktops all joined to the AD domain.
I want this mainly so accounts can be centralized between samba and
"Solidworks Enterprise PDM" (which speaks only AD and LDAPv2).

My old samba3 server is still on the network, mostly just acting as NAS,
but with a handful of the desktops joined to it.  (Users on the other
desktops just log in to local accounts on those desktops.)

The samba4 box is currently firewalled off so desktops can't "see" it
except for ICMP and a couple of ports: ssh, dns, ntp and http/s.

The desktops are IIRC all Win 7, about half of them are the "Home" or
whatever variant that can't join the domain -- those hosts will just
continue with local accounts and treating samba4 as a NAS until they're
replaced by attrition.
