[Samba] chgrp "Domain Admins" on folder return invalid group "Domain Admins"

Jules Houantonon juleshoueto at gmail.com
Tue Apr 5 14:22:11 UTC 2016

Thank you Rowland,

I do not change my existing configuration as far i have already indicate
winbind value on both passwd and group lines in nsswitch.conf.

But i execute the net cahe flush command and then try getent command by
providing the user name and it works.

It provide outpout for a demo acount that it is only creat in AD and has
unix attribute assigned :
#getent passwd demo
demo:*:10001:10001:demo demo:/home/DEMO/demo:/bin/false

So now, i should be able to define file or folder right from Linux OS with
AD users.

I think that we can consider this subject Solved with your permission.

Many thanks again

On Tue, Apr 5, 2016 at 2:52 PM, Rowland penny <rpenny at samba.org> wrote:

> On 05/04/16 14:32, Jules Houantonon wrote:
>> Thank you Rowland for your mail.
>> My aim is to create a fileserver with samba4 and with acl supported.
>> Users most logon through their windows that are in domain to access their
>> shares.
>> Samba how to and your explanations open my eyes on the interaction
>> between samba users and group with the Linux OS.
>> From ADUC, I assign an Unix Attribute to a user accout, and automatically
>> it is given 10000 as its UID, getent command still not display it.
> The next one should get 10001
>> So in my plan, users should only exist in active directory. Does that
>> mean that getent can still display user or group information that will only
>> exist in AD ?
> getent will display users known to the underlying OS, this is done by
> specifying what methods to use in /etc/nsswitch.conf. For users, there is a
> line that starts 'passwd', this normally contains 'compat ' or 'files' and
> will mean 'getent passwd auser' will return the users info found in the
> file /etc/passwd. If you want to user a different method to use to get a
> users info, you would add it after 'compat ' or 'files' i.e. to use winbind
> 'passwd compat winbind'. This would mean that when you run 'getent passwd
> auser' , the user would be found by first searching in /etc/passwd (this is
> why you cannot have users in /etc/passwd & AD) and then by asking winbind.
> On a DC, winbind would assign an xidNumber and then store it in idmap.ldb
> *or* you can give each user a 'uidNumber' and then this will be used
> instead, only problem is that the old xidNumber will take precedence for a
> time, but you can short circuit this by running:
> net cache flush
> Sorry if i am missing something.
>> Thank you
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

*Phone* : (00229) 97578914
*Email *: juleshoueto at gmail.com
*Skype* : houantonon
*linkedin* : www.linkedin.com/in/jhouantonon/en

More information about the samba mailing list