[Samba] No domaingroups with getent group

Stefan Kania stefan at kania-online.de
Wed Oct 29 04:27:22 MDT 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Rowland,

Am 29.10.14 um 11:03 schrieb Rowland Penny:
> On 29/10/14 09:31, Stefan Kania wrote: Hello,
> 
> after I joined an new machine into my domain, "getent group" is
> not showing any domaingroup.
>> This is a known feature, if you want 'getent group' to work like
>> 'getent passwd', you will need to give every group a gidNumber.
> 
On the domaincontrollers it is working. I checked in RSAT every Group
has a GID in teh "UNIX-Attribute" tag.

> The domainusers are listet with "getent passwd" as expected. In
> nsswitch.conf winbind is used with "passwd" and "group". Wbinfo -g
> shows all groups. "net rpc testjoin" gives the right result. I can
> get a Kerberos-Ticket with "kinit" for all users. I can use
> Kerberos-autentication with "smbclient -L host -k" A "chgrp 'domain
> admins' file" gives "chgrp: invalid group: ‘domain admins’"
>> If I try to change the group ownership of a file on a client, I
>> get this:
> 
>> chgrp 'domain admins' testfile.txt chgrp: changing group of
>> ‘testfile.txt’: Operation not permitted
> 
>> But if I use sudo, it works
> 
>> sudo chgrp 'domain admins' testfile.txt
> 
I do it as "root" so I don't need sudo

>> ls -la testfile.txt -rw-r--r-- 1 rowland domain_admins 0 Oct 29
>> 09:47 testfile.txt
> 
>> Can you post the result of:
> 
>> getent group Domain\ Admins

root at SVL-V-5:/var/lib/samba# getent group Domain\ Admins
domain admins:x:100512:etec,bafu,kljo,rawe

But "getent group" is not showing any domaingroup.
In smb.conf I have "winbind enum group = yes" and "winbind enum users
= Yes" set.

Stwefan
> 
>> Rowland
> 
> But if I da a "chgrp 100512 file" groupownership ist set to "domain
> admins" AND shows the name of the group and NOT just the ID. It's a
> Memberserver and not a DC.
> 
> Any hint where I should look?
> 
> Thanks
> 
> Stefan
> 
> 

- -- 
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
E-Mail. Weiter Informationen unter http://www.gnupg.org

Mein Schlüssel liegt auf

hkp://subkeys.pgp.net

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)

iEYEARECAAYFAlRQwQoACgkQ2JOGcNAHDTbYogCfbqrWD456yOIHTp92mUa3/vEn
7TYAoMVU4/kSzjVaAdwnegKacJnW1IRd
=XE+s
-----END PGP SIGNATURE-----

More information about the samba mailing list