[Samba] groups with cn similar to domain
Marc Muehlfeld
mmuehlfeld at samba.org
Mon Oct 13 15:16:22 MDT 2014
Hello Robert,
Am 13.10.2014 um 06:13 schrieb Robert Moggach:
> Question follows the description…
>
> I have a domain something like "DC=example,DC=lan"
>
> I can create a group named “example” within group OU “OU=Groups” using:
>
> samba-tool group add example —groupou=“OU=Groups"
>
> I can’t query the group using:
>
> wbinfo —group-info example
> failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for group example
>
> However I can query using:
>
> ldbsearch --url=ldap://dc1.example.lan -k yes -b “dc=example,dc=lan" "(&(objectclass=group)(cn=example))" -b ou=Groups,dc=example,dc=lan
>
> Is it bad practice to create group names that match one of the domain path items?
>
> Another example which isn’t part of the domain path is the cn “operation"
>
> I can get what I need using grep,sed, etc. but wonder if I’m breaking the rules.
I can't say if this is a bug or something based on AD requirements.
MS has a good document about naming conventions:
https://support2.microsoft.com/kb/909264/en
I could not find your problem there. But there are some situations
mentioned, that can bring conflicts under certain situations (see e.g.
"OU names" / "Special issues"). Maybe something like that could be the
reason.
Regards,
Marc
More information about the samba
mailing list