[Samba] groups with cn similar to domain
Mr. Robert John Moggach
rob at moggach.com
Mon Oct 13 15:46:19 MDT 2014
Thanks Marc,
I'll leave it to your crew to determine if it's a bug— I've gone forward having scripted everything I need using ldbsearch.
Thanks for the link - I'm not using any of the words in the "Table of reserved words" so my suspicion is it's a bug in the queries being performed by wbinfo.
I'm using the latest build of Sernet's Samba (4.1.12) on CentOS 6.5.
Rob
On Oct 13, 2014, at 2:16 PM, Marc Muehlfeld <mmuehlfeld at samba.org> wrote:
> Hello Robert,
>
> Am 13.10.2014 um 06:13 schrieb Robert Moggach:
>> Question follows the description…
>>
>> I have a domain something like "DC=example,DC=lan"
>>
>> I can create a group named “example” within group OU “OU=Groups” using:
>>
>> samba-tool group add example —groupou=“OU=Groups"
>>
>> I can’t query the group using:
>>
>> wbinfo —group-info example
>> failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
>> Could not get info for group example
>>
>> However I can query using:
>>
>> ldbsearch --url=ldap://dc1.example.lan -k yes -b “dc=example,dc=lan" "(&(objectclass=group)(cn=example))" -b ou=Groups,dc=example,dc=lan
>>
>> Is it bad practice to create group names that match one of the domain path items?
>>
>> Another example which isn’t part of the domain path is the cn “operation"
>>
>> I can get what I need using grep,sed, etc. but wonder if I’m breaking the rules.
>
>
> I can't say if this is a bug or something based on AD requirements.
>
> MS has a good document about naming conventions:
> https://support2.microsoft.com/kb/909264/en
>
> I could not find your problem there. But there are some situations
> mentioned, that can bring conflicts under certain situations (see e.g.
> "OU names" / "Special issues"). Maybe something like that could be the
> reason.
>
>
> Regards,
> Marc
>
>
More information about the samba
mailing list