[Samba] No domaingroups with getent group
L.P.H. van Belle
belle at bazuin.nl
Wed Oct 29 04:49:30 MDT 2014
Hai,
>
>What is more worrying is that you do not seem to be able to 'chgrp' a
>file, could you please post a (sanitized) copy of your
>smb.conf from the
>member server.
when you assing a GID to the group chgrp works.
Louis
>-----Oorspronkelijk bericht-----
>Van: rowlandpenny at googlemail.com
>[mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>Verzonden: woensdag 29 oktober 2014 11:36
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] No domaingroups with getent group
>
>On 29/10/14 10:27, Stefan Kania wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hi Rowland,
>>
>> Am 29.10.14 um 11:03 schrieb Rowland Penny:
>>> On 29/10/14 09:31, Stefan Kania wrote: Hello,
>>>
>>> after I joined an new machine into my domain, "getent group" is
>>> not showing any domaingroup.
>>>> This is a known feature, if you want 'getent group' to work like
>>>> 'getent passwd', you will need to give every group a gidNumber.
>> On the domaincontrollers it is working. I checked in RSAT every Group
>> has a GID in teh "UNIX-Attribute" tag.
>>
>>> The domainusers are listet with "getent passwd" as expected. In
>>> nsswitch.conf winbind is used with "passwd" and "group". Wbinfo -g
>>> shows all groups. "net rpc testjoin" gives the right result. I can
>>> get a Kerberos-Ticket with "kinit" for all users. I can use
>>> Kerberos-autentication with "smbclient -L host -k" A "chgrp 'domain
>>> admins' file" gives "chgrp: invalid group: ?domain admins?"
>>>> If I try to change the group ownership of a file on a client, I
>>>> get this:
>>>> chgrp 'domain admins' testfile.txt chgrp: changing group of
>>>> ?testfile.txt?: Operation not permitted
>>>> But if I use sudo, it works
>>>> sudo chgrp 'domain admins' testfile.txt
>> I do it as "root" so I don't need sudo
>>
>>>> ls -la testfile.txt -rw-r--r-- 1 rowland domain_admins 0 Oct 29
>>>> 09:47 testfile.txt
>>>> Can you post the result of:
>>>> getent group Domain\ Admins
>> root at SVL-V-5:/var/lib/samba# getent group Domain\ Admins
>> domain admins:x:100512:etec,bafu,kljo,rawe
>>
>> But "getent group" is not showing any domaingroup.
>> In smb.conf I have "winbind enum group = yes" and "winbind enum users
>> = Yes" set.
>>
>> Stwefan
>This is **NOT** a problem, as long as 'getent group
><groupname>' works,
>then those groups that are shown this way are available to Unix, as I
>said, if you want **EVERY** group to be shown by 'getent group', you
>will need to add a gidNumber to every group.
>
>What is more worrying is that you do not seem to be able to 'chgrp' a
>file, could you please post a (sanitized) copy of your
>smb.conf from the
>member server.
>
>Rowland
>>>> Rowland
>>> But if I da a "chgrp 100512 file" groupownership ist set to "domain
>>> admins" AND shows the name of the group and NOT just the ID. It's a
>>> Memberserver and not a DC.
>>>
>>> Any hint where I should look?
>>>
>>> Thanks
>>>
>>> Stefan
>>>
>>>
>> - --
>> Stefan Kania
>> Landweg 13
>> 25693 St. Michaelisdonn
>>
>>
>> Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
>> E-Mail. Weiter Informationen unter http://www.gnupg.org
>>
>> Mein Schlüssel liegt auf
>>
>> hkp://subkeys.pgp.net
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
>>
>> iEYEARECAAYFAlRQwQoACgkQ2JOGcNAHDTbYogCfbqrWD456yOIHTp92mUa3/vEn
>> 7TYAoMVU4/kSzjVaAdwnegKacJnW1IRd
>> =XE+s
>> -----END PGP SIGNATURE-----
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list