[Samba] No domaingroups with getent group

Rowland Penny rowlandpenny at googlemail.com
Wed Oct 29 11:04:45 MDT 2014


On 29/10/14 16:56, Davor Vusir wrote:
> -- Skickat från mobilusken! --
> Den 29 okt 2014 12:53 skrev "?icro MEGAS" <micromegas at mail333.com>:
>> Hello Stefan,
>>
>>> But "getent group" is not showing any domaingroup. In smb.conf I have
>>> "winbind enum group = yes" and "winbind enum users = Yes" set.
>> I have exactly the same behaviour on my two member servers, so you're
>> not alone. I also already asked here on the list, but unfortunately
>> noone could give me a reasonable answer to that. To summarize it:
>>
>> The /etc/nsswitch.conf looks like that:
>>
>> passwd:         compat winbind
>> group:          compat winbind
>>
>> My domain users all have a uid assigned in the [UNIX Attribute] tab of
> ADUC. The domain group "Domain Users" and "Domain Admins" also have
> assigned a gid in the [UNIX Attribute] tab.
>> "wbinfo -u"
>> "wbinfo -g"
>> "id johndoe"
>> "getent passwd"
>>
>> all are showing correct results as expected. But when I execute "getent
> group" I see only the local users in the output. On the other side, when I
> do "getent group 10000" or "getent group 'Domain Users'" I get the correct
> result displayed:
>> domain users:x:10000:
>>
>> So as conclusion, "getent group" is not outputting the whole groups, but
> if you tell "getent group ..." to query a certain gid or group name it
> works. I have no clue what's going on here.
> Maybe you have got stale/corrupted tdb-files.

No, this is the design, you only get 'getent group' to display all 
groups in AD if you add gidNumber's to ALL groups in AD and use an 'ad' 
backend.

Rowland

>
> Regards
> Davor
>
>> Cheers,
>> Mirco
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba



More information about the samba mailing list