[Samba] No domaingroups with getent group

Rowland Penny rowlandpenny at googlemail.com
Wed Oct 29 11:04:45 MDT 2014

On 29/10/14 16:56, Davor Vusir wrote:
> -- Skickat från mobilusken! --
> Den 29 okt 2014 12:53 skrev "?icro MEGAS" <micromegas at mail333.com>:
>> Hello Stefan,
>>> But "getent group" is not showing any domaingroup. In smb.conf I have
>>> "winbind enum group = yes" and "winbind enum users = Yes" set.
>> I have exactly the same behaviour on my two member servers, so you're
>> not alone. I also already asked here on the list, but unfortunately
>> noone could give me a reasonable answer to that. To summarize it:
>> The /etc/nsswitch.conf looks like that:
>> passwd:         compat winbind
>> group:          compat winbind
>> My domain users all have a uid assigned in the [UNIX Attribute] tab of
> ADUC. The domain group "Domain Users" and "Domain Admins" also have
> assigned a gid in the [UNIX Attribute] tab.
>> "wbinfo -u"
>> "wbinfo -g"
>> "id johndoe"
>> "getent passwd"
>> all are showing correct results as expected. But when I execute "getent
> group" I see only the local users in the output. On the other side, when I
> do "getent group 10000" or "getent group 'Domain Users'" I get the correct
> result displayed:
>> domain users:x:10000:
>> So as conclusion, "getent group" is not outputting the whole groups, but
> if you tell "getent group ..." to query a certain gid or group name it
> works. I have no clue what's going on here.
> Maybe you have got stale/corrupted tdb-files.

No, this is the design, you only get 'getent group' to display all 
groups in AD if you add gidNumber's to ALL groups in AD and use an 'ad' 


> Regards
> Davor
>> Cheers,
>> Mirco
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list