[Samba] No domaingroups with getent group
Stefan Kania
stefan at kania-online.de
Wed Oct 29 04:27:22 MDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Rowland,
Am 29.10.14 um 11:03 schrieb Rowland Penny:
> On 29/10/14 09:31, Stefan Kania wrote: Hello,
>
> after I joined an new machine into my domain, "getent group" is
> not showing any domaingroup.
>> This is a known feature, if you want 'getent group' to work like
>> 'getent passwd', you will need to give every group a gidNumber.
>
On the domaincontrollers it is working. I checked in RSAT every Group
has a GID in teh "UNIX-Attribute" tag.
> The domainusers are listet with "getent passwd" as expected. In
> nsswitch.conf winbind is used with "passwd" and "group". Wbinfo -g
> shows all groups. "net rpc testjoin" gives the right result. I can
> get a Kerberos-Ticket with "kinit" for all users. I can use
> Kerberos-autentication with "smbclient -L host -k" A "chgrp 'domain
> admins' file" gives "chgrp: invalid group: ‘domain admins’"
>> If I try to change the group ownership of a file on a client, I
>> get this:
>
>> chgrp 'domain admins' testfile.txt chgrp: changing group of
>> ‘testfile.txt’: Operation not permitted
>
>> But if I use sudo, it works
>
>> sudo chgrp 'domain admins' testfile.txt
>
I do it as "root" so I don't need sudo
>> ls -la testfile.txt -rw-r--r-- 1 rowland domain_admins 0 Oct 29
>> 09:47 testfile.txt
>
>> Can you post the result of:
>
>> getent group Domain\ Admins
root at SVL-V-5:/var/lib/samba# getent group Domain\ Admins
domain admins:x:100512:etec,bafu,kljo,rawe
But "getent group" is not showing any domaingroup.
In smb.conf I have "winbind enum group = yes" and "winbind enum users
= Yes" set.
Stwefan
>
>> Rowland
>
> But if I da a "chgrp 100512 file" groupownership ist set to "domain
> admins" AND shows the name of the group and NOT just the ID. It's a
> Memberserver and not a DC.
>
> Any hint where I should look?
>
> Thanks
>
> Stefan
>
>
- --
Stefan Kania
Landweg 13
25693 St. Michaelisdonn
Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
E-Mail. Weiter Informationen unter http://www.gnupg.org
Mein Schlüssel liegt auf
hkp://subkeys.pgp.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iEYEARECAAYFAlRQwQoACgkQ2JOGcNAHDTbYogCfbqrWD456yOIHTp92mUa3/vEn
7TYAoMVU4/kSzjVaAdwnegKacJnW1IRd
=XE+s
-----END PGP SIGNATURE-----
More information about the samba
mailing list