[Samba] No domaingroups with getent group
L.P.H. van Belle
belle at bazuin.nl
Wed Oct 29 04:54:32 MDT 2014
and i suggest use like this :
chgrp "Domain Users" testfolder
Louis
>-----Oorspronkelijk bericht-----
>Van: belle at bazuin.nl [mailto:samba-bounces at lists.samba.org]
>Namens L.P.H. van Belle
>Verzonden: woensdag 29 oktober 2014 11:50
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] No domaingroups with getent group
>
>Hai,
>
>>
>>What is more worrying is that you do not seem to be able to 'chgrp' a
>>file, could you please post a (sanitized) copy of your
>>smb.conf from the
>>member server.
>
>when you assing a GID to the group chgrp works.
>
>Louis
>
>
>>-----Oorspronkelijk bericht-----
>>Van: rowlandpenny at googlemail.com
>>[mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>>Verzonden: woensdag 29 oktober 2014 11:36
>>Aan: samba at lists.samba.org
>>Onderwerp: Re: [Samba] No domaingroups with getent group
>>
>>On 29/10/14 10:27, Stefan Kania wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Hi Rowland,
>>>
>>> Am 29.10.14 um 11:03 schrieb Rowland Penny:
>>>> On 29/10/14 09:31, Stefan Kania wrote: Hello,
>>>>
>>>> after I joined an new machine into my domain, "getent group" is
>>>> not showing any domaingroup.
>>>>> This is a known feature, if you want 'getent group' to work like
>>>>> 'getent passwd', you will need to give every group a gidNumber.
>>> On the domaincontrollers it is working. I checked in RSAT
>every Group
>>> has a GID in teh "UNIX-Attribute" tag.
>>>
>>>> The domainusers are listet with "getent passwd" as expected. In
>>>> nsswitch.conf winbind is used with "passwd" and "group". Wbinfo -g
>>>> shows all groups. "net rpc testjoin" gives the right result. I can
>>>> get a Kerberos-Ticket with "kinit" for all users. I can use
>>>> Kerberos-autentication with "smbclient -L host -k" A "chgrp 'domain
>>>> admins' file" gives "chgrp: invalid group: ?domain admins?"
>>>>> If I try to change the group ownership of a file on a client, I
>>>>> get this:
>>>>> chgrp 'domain admins' testfile.txt chgrp: changing group of
>>>>> ?testfile.txt?: Operation not permitted
>>>>> But if I use sudo, it works
>>>>> sudo chgrp 'domain admins' testfile.txt
>>> I do it as "root" so I don't need sudo
>>>
>>>>> ls -la testfile.txt -rw-r--r-- 1 rowland domain_admins 0 Oct 29
>>>>> 09:47 testfile.txt
>>>>> Can you post the result of:
>>>>> getent group Domain\ Admins
>>> root at SVL-V-5:/var/lib/samba# getent group Domain\ Admins
>>> domain admins:x:100512:etec,bafu,kljo,rawe
>>>
>>> But "getent group" is not showing any domaingroup.
>>> In smb.conf I have "winbind enum group = yes" and "winbind
>enum users
>>> = Yes" set.
>>>
>>> Stwefan
>>This is **NOT** a problem, as long as 'getent group
>><groupname>' works,
>>then those groups that are shown this way are available to Unix, as I
>>said, if you want **EVERY** group to be shown by 'getent group', you
>>will need to add a gidNumber to every group.
>>
>>What is more worrying is that you do not seem to be able to 'chgrp' a
>>file, could you please post a (sanitized) copy of your
>>smb.conf from the
>>member server.
>>
>>Rowland
>>>>> Rowland
>>>> But if I da a "chgrp 100512 file" groupownership ist set to "domain
>>>> admins" AND shows the name of the group and NOT just the ID. It's a
>>>> Memberserver and not a DC.
>>>>
>>>> Any hint where I should look?
>>>>
>>>> Thanks
>>>>
>>>> Stefan
>>>>
>>>>
>>> - --
>>> Stefan Kania
>>> Landweg 13
>>> 25693 St. Michaelisdonn
>>>
>>>
>>> Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
>>> E-Mail. Weiter Informationen unter http://www.gnupg.org
>>>
>>> Mein Schlüssel liegt auf
>>>
>>> hkp://subkeys.pgp.net
>>>
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
>>>
>>> iEYEARECAAYFAlRQwQoACgkQ2JOGcNAHDTbYogCfbqrWD456yOIHTp92mUa3/vEn
>>> 7TYAoMVU4/kSzjVaAdwnegKacJnW1IRd
>>> =XE+s
>>> -----END PGP SIGNATURE-----
>>
>>--
>>To unsubscribe from this list go to the following URL and read the
>>instructions: https://lists.samba.org/mailman/options/samba
>>
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list