[Samba] chgrp "Domain Admins" on folder return invalid group "Domain Admins"

Jules Houantonon juleshoueto at gmail.com
Tue Apr 5 12:46:23 UTC 2016 

Dear all,

thank you for your previous mails. It realy help me.

Denis, Following your mail and thanks to  the link  i configure my
/etc/nsswitch.conf file  by adding windbind to user and group line and
execute winbindd command.

As i install samba4 from sernet package, init script are created for
starting AD, smbd, nmbd and winbindd. But i read that smbd, nmd and
winbindd should be disable to start samba4 in AD mode. There were even a
Warning that were generated if windbindd service were kept started. So I do
not touch them, as they are disabled.

But after making nsswitch.conf changes, I am able to execute chgrp "domain
admins" /home/demo succesfully and ls -l /home display the permission with
the suitable group.

wbinfo -u also return the users created from AD as wbinfo -g also display
AD domaine groups.

I supposethat things are OK now.

But when i try the getent passwd
I do not have domain user display. Only local users account appear.

I wonder if it is normal.

Thank you for helping again and for your time.

Regards





chgrp



On Tue, Apr 5, 2016 at 11:30 AM, Rowland penny <rpenny at samba.org> wrote:

> On 05/04/16 11:06, Jules Houantonon wrote:
>
>> Hi Denis,
>>
>> Thank you for your mail.
>>
>> I assigned the GID 10000 to the domain admins group through ADUC, and
>> wbinfo --info-group "domain admins" display the correct output.
>>
>
> You need to ensure that 'getent group Domain\ Admins' displays the
> required info, on one of my DCs:
>
> root at dc1:~# getent group Domain\ Admins
> SAMDOM\domain admins:x:10001:
>
> What I think you are missing, are the libnss links, see here for info:
>
>
> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member#libnss_winbind
>
> I know the page refers to a domain member, but it is the same basic setup
> on a DC.
>
> You may also want to consider giving 'Domain Users' a gidNumber
>
> Rowland
>
>
>> But i am still not able to execute succesfuly #chgrp "Domain Admins"
>> /home/demo
>>
>> And when i go to ADUC and try to open  the Unix Attribute of domain admins
>> group, i have the error "Unable to execute". But ADUC still display the
>> contain of the tab with the correct NIS domain and the GID.
>>
>> Is it normal ?
>>
>> Thank you for helping.
>>
>> Regards
>>
>>
>>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
Jules HOUANTONON
*Phone* : (00229) 97578914
*Email *: juleshoueto at gmail.com
*Skype* : houantonon
*linkedin* : www.linkedin.com/in/jhouantonon/en

More information about the samba mailing list