[Samba] Possible winbind bugs.
steve
steve at steve-ss.com
Thu Jul 10 03:27:45 MDT 2014
On Thu, 2014-07-10 at 13:25 +0800, Chan Min Wai wrote:
> Dear All,
>
> I've found a strange behavior on Winbind + getent group
>
> If there are AD/winbind group didn't have any unix gid...
> getent group will only show local group.
>
>
> If all the AD/winbind group have unix gid
> getent will reply with all the group I have included the AD/winbind group.
>
> Did we have any bugs reported on this?
>
> Thank You.
Hi Chan
Lots of confusion here.
I don't think it's a bug because it would be reasonable to expect that
if we wish domain groups to behave as posix groups, then we must play by
posix rules and include a gid. Otherwise nss knows nothing about them.
As we understand, must haves:
Domain groups: gidNumber
Domain users: uidNumber and gidNumber
The latter must be the gidNumber corresponding to the primaryGroupID for
the user.
As the default group for all new users is Domain Users, then make sure a
miniumum of that group has a gidNumber.
Test:
id user
getent group <domain group>
getent passwd user
groups user
If ANY of those fail to return they will not behave correctly.
HTH
Steve
More information about the samba
mailing list