[Samba] chgrp "Domain Admins" on folder return invalid group "Domain Admins"

Jules Houantonon juleshoueto at gmail.com
Tue Apr 5 13:32:46 UTC 2016


Thank you Rowland for your mail.

My aim is to create a fileserver with samba4 and with ACLs supported. Users
must log on through their Windows machines that are in the domain to access their shares.

The Samba HOWTO and your explanations opened my eyes to the interaction between
Samba users and groups and the Linux OS.

From ADUC, I assign a Unix Attribute to a user account, and automatically
it is given 10000 as its UID; the getent command still does not display it.

So in my plan, users should only exist in Active Directory. Does that mean
that getent can still display user or group information that will only
exist in AD?

Sorry if I am missing something.

Thank you

On Tue, Apr 5, 2016 at 2:03 PM, Rowland penny <rpenny at samba.org> wrote:

> On 05/04/16 13:46, Jules Houantonon wrote:
>
>> Dear all,
>>
>> thank you for your previous mails. It really helped me.
>>
>> Denis, following your mail and thanks to the link, I configured my
>> /etc/nsswitch.conf file by adding winbind to the user and group lines and
>> executed the winbindd command.
>>
>> As I installed samba4 from the SerNet package, init scripts were created for
>> starting AD, smbd, nmbd and winbindd. But I read that smbd, nmbd and
>> winbindd should be disabled to start samba4 in AD mode. There was even a
>> warning that was generated if the winbindd service was kept started. So I did
>> not touch them, as they are disabled.
>>
>
> It has been some time since I used a Sernet package, but I seem to remember
> that it came with an init script to start the 'samba' daemon and this will
> start any other required daemons, try looking in /etc/init.d
>
>
>> But after making the nsswitch.conf changes, I am able to execute chgrp
>> "domain admins" /home/demo successfully and ls -l /home displays the
>> permissions with the suitable group.
>>
>> wbinfo -u also returns the users created from AD, as wbinfo -g also displays
>> AD domain groups.
>>
>>
> All 'wbinfo' shows is that winbindd is running, you need to get 'getent
> passwd' to show users and 'getent group' to show groups. Any users & groups
> that getent does not show, are unknown to the underlying Unix OS.
>
>> I suppose that things are OK now.
>>
>> But when I try getent passwd,
>> I do not have domain users displayed. Only local user accounts appear.
>>
>>
> You normally need to give any users that you need to be visible to Unix, a
> unique uidNumber attribute, but on a DC you should get an xidNumber in the
> 3000000 range.
>
> Do you have users in /etc/passwd that are in AD?
> If so, choose where you want the user to exist and delete the other, they
> cannot be in both databases.
>
> Rowland
>



-- 
Jules HOUANTONON
*Phone* : (00229) 97578914
*Email *: juleshoueto at gmail.com
*Skype* : houantonon
*linkedin* : www.linkedin.com/in/jhouantonon/en
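
The two checks raised in the quoted reply (is winbind actually listed for `passwd` and `group` in nsswitch.conf, and does any account exist in both /etc/passwd and AD), as an added example that is not part of the original thread. The function names, the `SAMDOM` domain and all sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are hypothetical/constructed.

# nss_uses_winbind FILE DB -> exit 0 if DB's line in FILE lists winbind.
# Comments are stripped first, so "group: compat # winbind" does not count.
nss_uses_winbind() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit !found }' "$1"
}

# duplicate_accounts PASSWD_FILE WBINFO_FILE
# Prints names present both in the local passwd file and in saved
# `wbinfo -u` output. Assumption: DOMAIN\ prefix is stripped and the
# comparison is case-insensitive.
duplicate_accounts() {
    awk -F: '
        NR == FNR { n = $0; sub(/^.*\\/, "", n); ad[tolower(n)] = 1; next }
        (tolower($1) in ad) { print $1 }' "$2" "$1"
}

# Constructed sample inputs (stand-ins for the real files on a server).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/nsswitch.conf" <<'EOF'
passwd: compat winbind
group:  compat   # winbind
EOF
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
demo:x:1000:1000::/home/demo:/bin/bash
EOF
cat > "$tmp/wbinfo_u" <<'EOF'
SAMDOM\Administrator
SAMDOM\Demo
SAMDOM\alice
EOF

for db in passwd group; do
    if nss_uses_winbind "$tmp/nsswitch.conf" "$db"; then
        echo "$db: winbind listed"
    else
        echo "$db: winbind missing, getent will only show local entries"
    fi
done
echo "in both passwd and AD: $(duplicate_accounts "$tmp/passwd" "$tmp/wbinfo_u")"
```

On a live system, pass /etc/nsswitch.conf, /etc/passwd and a file holding the output of `wbinfo -u` instead of the sample files.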

