[Samba] Possible winbind bugs.

steve steve at steve-ss.com
Thu Jul 10 04:12:50 MDT 2014


On Thu, 2014-07-10 at 11:01 +0100, Rowland Penny wrote:
> On 10/07/14 10:27, steve wrote:
> > On Thu, 2014-07-10 at 13:25 +0800, Chan Min Wai wrote:
> >> Dear All,
> >>
> >> I've found a strange behavior on Winbind + getent group
> >>
> >> If there are AD/winbind group didn't have any unix gid...
> >> getent group will only show local group.
> >>
> >>
> >> If all the AD/winbind group have unix gid
> >> getent will reply with all the group I have included the AD/winbind group.
> >>
> >> Did we have any bugs reported on this?
> >>
> >> Thank You.
> > Hi Chan
> >
> > Lots of confusion here.
> >
> > I don't think it's a bug because it would be reasonable to expect that
> > if we wish domain groups to behave as posix groups, then we must play by
> > posix rules and include a gid. Otherwise nss knows nothing about them.
> >
> > As we understand, must haves:
> > Domain groups: gidNumber
> > Domain users: uidNumber and gidNumber
> Hi, I thought that, until it was pointed out that if you use winbind, 
> the users gidNumber is ignored and windbind pulls the gidnumber directly 
> from the primary group.
> 
> So yes, the users primary group must have a gidNumber, but the user does 
> not need this added.
> 
> Rowland

Hi
Yes, we agree. However, for completeness (and for those who do not use
winbind) we mimic the Unix manner of obtaining the user's primary group:
from the gidNumber listed in his DN.
Just our translation of the evidence m'lud!
Cheers




More information about the samba mailing list