[Samba] chgrp "Domain Admins" on folder return invalid group "Domain Admins"

Rowland penny rpenny at samba.org
Tue Apr 5 13:03:42 UTC 2016

On 05/04/16 13:46, Jules Houantonon wrote:
> Dear all,
> thank you for your previous mails. It really helps me.
> Denis, following your mail and thanks to the link, I configured my
> /etc/nsswitch.conf file by adding windbind to user and group line and
> executed winbindd command.
> As I installed samba4 from sernet package, init scripts are created for
> starting AD, smbd, nmbd and winbindd. But I read that smbd, nmd and
> winbindd should be disabled to start samba4 in AD mode. There was even
> a warning that was generated if windbindd service was kept started.
> So I do not touch them, as they are disabled.

It has been some time since I used a Sernet package, but I seem to
remember that it came with an init script to start the 'samba' daemon
and this will start any other required daemons. Try looking in /etc/init.d

> But after making nsswitch.conf changes, I am able to execute chgrp
> "domain admins" /home/demo successfully and ls -l /home displays the
> permission with the suitable group.
> wbinfo -u also returns the users created from AD as wbinfo -g also
> displays AD domain groups.

All 'wbinfo' shows is that winbindd is running, you need to get 'getent 
passwd' to show users and 'getent group' to show groups. Any users & 
groups that getent does not show, are unknown to the underlying Unix OS.

> I suppose that things are OK now.
> But when I try the getent passwd
> I do not have domain users displayed. Only local user accounts appear.

You normally need to give any users that you need to be visible to Unix, 
a unique uidNumber attribute, but on a DC you should get an xidNumber in 
the 3000000 range.

Do you have users in /etc/passwd that are in AD ?
If so, choose where you want the user to exist and delete the other, 
they cannot be in both databases.
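
The two checks described in the reply above (which users winbindd lists that getent does not return, and which names exist in both /etc/passwd and AD), as an added example that is not part of the original message. The function names, the SAMDOM domain and the sample users are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Live use on the DC:
#   wbinfo -u > wb.txt; getent passwd > nss.txt
#   missing_from_nss wb.txt nss.txt; in_both_databases /etc/passwd wb.txt

# compare WANT A B: print names from B that are (WANT=1) or are not (WANT=0)
# in A. A name is the first ':' field, "DOMAIN\" prefix removed, lowercased.
compare() {
    awk -F: -v want="$1" '
        function norm(s) { sub(/^.*\\/, "", s); return tolower(s) }
        $1 == "" { next }
        FILENAME == ARGV[1] { seen[norm($1)] = 1; next }
        ((norm($1) in seen) ? 1 : 0) == want { print norm($1) }
    ' "$2" "$3" | sort -u
}

# Domain users winbindd knows that getent does not return: the Unix OS
# cannot see them, so chown/chgrp/ls cannot resolve them.
missing_from_nss() { compare 0 "$2" "$1"; }     # args: wbinfo-file getent-file

# Names present in both /etc/passwd and AD: one copy has to be deleted.
in_both_databases() { compare 1 "$1" "$2"; }    # args: passwd-file wbinfo-file

# Constructed sample data (domain SAMDOM and all users are made up).
make_sample() {
    printf '%s\n' 'SAMDOM\Administrator' 'SAMDOM\jules' 'SAMDOM\demo' \
        > "$1/wb.txt"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'demo:x:1000:1000::/home/demo:/bin/bash' > "$1/passwd"
    # getent output = local files plus the users winbind maps for NSS
    cat "$1/passwd" > "$1/nss.txt"
    printf '%s\n' 'SAMDOM\jules:*:3000010:100::/home/SAMDOM/jules:/bin/false' \
        >> "$1/nss.txt"
}

SAMPLE=$(mktemp -d)
make_sample "$SAMPLE"
echo "not visible to Unix: $(missing_from_nss "$SAMPLE/wb.txt" "$SAMPLE/nss.txt" | tr '\n' ' ')"
echo "in /etc/passwd and AD: $(in_both_databases "$SAMPLE/passwd" "$SAMPLE/wb.txt" | tr '\n' ' ')"
```

The same comparison works for groups with `wbinfo -g`, `getent group` and /etc/group, since the group name is also the first colon-separated field.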

