[Samba] winbindd 4.1.7 resolves group memberships for all but primary group
Sven Schwedas
sven.schwedas at tao.at
Tue Jun 3 07:11:52 MDT 2014
I don't know where exactly the problem was, even with debug 5 I was only
able to see that idmap failed… somewhere (STATUS_SOME_UNMAPPED).
"Solved" by adding gids/uids to every single AD group and user.
On 2014-05-28 12:12, Sven Schwedas wrote:
> We're using a bunch of AD groups – all users/groups are created and
> managed with ADUC. Domain Users is the primary group for all users, plus
> a few for our departments (and Domain Admins). All groups have their
> posixGroup attributes filled out.
>
> wbinfo --group-info and getent group show the correct membership for all
> groups except Domain Users.
>
> smb.conf: http://pastebin.com/ymrXZJ5u
> Already tried with winbind nss info = sfu, no improvement.
>
> LDAP excerpt (members pruned) for Domain Users:
> http://pastebin.com/3ysX0S7C
>
> LDAP excerpt for Domain Admins:
> http://pastebin.com/vYTu70dV
>
> The only difference I can see is the member field. ADUC apparently
> doesn't explicitly set it for the primary group (and doesn't allow me to
> set it manually), it only sets memberUid and msSFU30PosixMember (which
> are both ignored by winbindd). Is there some way I can make winbindd use
> the correct field, or is there a configuration problem somewhere else?
>
>
>
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
http://software.tao.at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20140603/c338fef7/attachment.pgp>
More information about the samba
mailing list