[Samba] getent group adgroup not showing members

Gary Casterline casterln at berkeley.edu
Thu Aug 10 22:22:39 UTC 2017


Hello,

I'm bringing up a AD domain member server on RHEL 7.4 which provides
packages with samba 4.6.2.  I've joined the domain and cannot seem to get
this command to provide a list of group members:

getent group adgroupname
what comes back is just
adgroupname:x:gid:

On another machine running RHEL 6.8, the same getent returns a full listing:
adgroupname:*:gid:user1,user2,user3,etc

id username
does return a nice listing of all the groups a particular user is a member
of.

Any clues on what I might be missing here?

Thanks.

/etc/nsswitch.conf:
passwd:     files winbind
group:      files winbind

smb.conf :
[global]
   security = ADS
   workgroup = SAMDOM
   realm = SAMDOM.X.Y
   server string = Samba Server Version %v
   netbios name = ads-name

   username map = /etc/samba/smbusers

   idmap config * : backend   = tdb
   idmap config * : range     = 3000-7999

   idmap config SAMDOM : backend   = rid
   idmap config SAMDOM : range     = 10000-10000000
   idmap config SAMDOM : base_rid  = 0

   client signing = required
   server signing = auto
   client ipc signing = required

   ;winbind enum users = no
   ;winbind enum groups = no
   winbind use default domain = yes
   winbind offline logon = false
   winbind nested groups = yes

   encrypt passwords = yes
   client use spnego = yes
   client lanman auth = no


[homes]
   comment = Home Directories
   valid users = %S, %D%w%S
   browseable = No
   read only = No
   inherit acls = Yes


More information about the samba mailing list