[Samba] No domaingroups with getent group

L.P.H. van Belle belle at bazuin.nl
Wed Oct 29 04:49:30 MDT 2014


>What is more worrying is that you do not seem to be able to 'chgrp' a 
>file, could you please post a (sanitized) copy of your 
>smb.conf from the 
>member server.

when you assing a GID to the group chgrp works. 


>-----Oorspronkelijk bericht-----
>Van: rowlandpenny at googlemail.com 
>[mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>Verzonden: woensdag 29 oktober 2014 11:36
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] No domaingroups with getent group
>On 29/10/14 10:27, Stefan Kania wrote:
>> Hash: SHA1
>> Hi Rowland,
>> Am 29.10.14 um 11:03 schrieb Rowland Penny:
>>> On 29/10/14 09:31, Stefan Kania wrote: Hello,
>>> after I joined an new machine into my domain, "getent group" is
>>> not showing any domaingroup.
>>>> This is a known feature, if you want 'getent group' to work like
>>>> 'getent passwd', you will need to give every group a gidNumber.
>> On the domaincontrollers it is working. I checked in RSAT every Group
>> has a GID in teh "UNIX-Attribute" tag.
>>> The domainusers are listet with "getent passwd" as expected. In
>>> nsswitch.conf winbind is used with "passwd" and "group". Wbinfo -g
>>> shows all groups. "net rpc testjoin" gives the right result. I can
>>> get a Kerberos-Ticket with "kinit" for all users. I can use
>>> Kerberos-autentication with "smbclient -L host -k" A "chgrp 'domain
>>> admins' file" gives "chgrp: invalid group: ?domain admins?"
>>>> If I try to change the group ownership of a file on a client, I
>>>> get this:
>>>> chgrp 'domain admins' testfile.txt chgrp: changing group of
>>>> ?testfile.txt?: Operation not permitted
>>>> But if I use sudo, it works
>>>> sudo chgrp 'domain admins' testfile.txt
>> I do it as "root" so I don't need sudo
>>>> ls -la testfile.txt -rw-r--r-- 1 rowland domain_admins 0 Oct 29
>>>> 09:47 testfile.txt
>>>> Can you post the result of:
>>>> getent group Domain\ Admins
>> root at SVL-V-5:/var/lib/samba# getent group Domain\ Admins
>> domain admins:x:100512:etec,bafu,kljo,rawe
>> But "getent group" is not showing any domaingroup.
>> In smb.conf I have "winbind enum group = yes" and "winbind enum users
>> = Yes" set.
>> Stwefan
>This is **NOT** a problem, as long as 'getent group 
><groupname>' works, 
>then those groups that are shown this way are available to Unix, as I 
>said, if you want **EVERY** group to be shown by 'getent group', you 
>will need to add a gidNumber to every group.
>What is more worrying is that you do not seem to be able to 'chgrp' a 
>file, could you please post a (sanitized) copy of your 
>smb.conf from the 
>member server.
>>>> Rowland
>>> But if I da a "chgrp 100512 file" groupownership ist set to "domain
>>> admins" AND shows the name of the group and NOT just the ID. It's a
>>> Memberserver and not a DC.
>>> Any hint where I should look?
>>> Thanks
>>> Stefan
>> - -- 
>> Stefan Kania
>> Landweg 13
>> 25693 St. Michaelisdonn
>> Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
>> E-Mail. Weiter Informationen unter http://www.gnupg.org
>> Mein Schlüssel liegt auf
>> hkp://subkeys.pgp.net
>> Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
>> 7TYAoMVU4/kSzjVaAdwnegKacJnW1IRd
>> =XE+s
>> -----END PGP SIGNATURE-----
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list