[Samba] Unable to add AD users to local groups

[Rowland Penny]

On Thu, 17 Nov 2016 16:13:50 -0500
Robert Martel via samba <samba at lists.samba.org> wrote:

> 
> 
> On 11/17/2016 02:42 PM, Rowland Penny via samba wrote:
> > On Thu, 17 Nov 2016 14:32:16 -0500
> > Robert Martel via samba <samba at lists.samba.org> wrote:
> >
> >>
> >> On 11/16/2016 04:34 PM, Rowland Penny via samba wrote:
> >>> Provided that the group urbanweb exists in /etc/group and your
> >>> users are shown by getent passwd or id, then you could try the
> >>> unix tools i.e. usermod -G urbanweb ADDOMAIN\\1001362
> >>>
> >>> Rowland
> >> Greetings,
> >>
> >> Thank you for the response.
> >>
> >> the matching UNIX group exists.  Been using local groups on Samba
> >> for years.
> >>
> >> # getent passwd "ADDOMAIN\\1001362"
> >> 1001362:*:2091888:2000513:Robert M
> >> Martel:/home/1001362:/usr/bin/bash
> >>
> >> wbinfo returns useful information
> >>
> >> # wbinfo -i 1001362
> >> 1001362:*:2091888:2000513:Robert M
> >> Martel:/home/1001362:/usr/bin/bash
> >>
> >>
> >> I can "su" to an AD user without a problem.
> >>
> >> I can access shared folders as that user, I just cant add anyone
> >> to a samba local group.  My test Solaris 10 machine running same
> >> version of samba does not exhibit this problem.
> >>
> >> usermod said the user did not exist - but I want to add user to
> >> Samba local group, not the UNIX group in /etc/group.
> >>
> >> #  usermod -G urbanweb ADDOMAIN\\1001362
> >> UX: usermod: ERROR: ADDOMAIN\1001362 is not a local user.
> >>
> >> -Bob
> >>
> >>
> > You said 'local' group, a group can be a local group or a Samba
> > group, it cannot be both.
> >
>   A Samba group local to the AD member server - not an Active
> Directory group.
> Sorry if I chose the incorrect term.
> 

no problem, it just confused me and I am still confused ;-)

How can you add a group to Samba on a joined domain member, but not to
AD ??

It might help if you posted the smb.conf from the domain member.

Rowland