[Samba] Listing AD group members

A. James Lewis james at fsck.co.uk
Mon Oct 30 17:32:17 UTC 2017 

Oh, apologies, I thought you were referring to the fact that I had changed your -d0 to -d10 since I was getting no output for 10 minutes... :)

smb.conf
[global]
   workgroup = DOMAIN
   security = ADS
   realm = DOMAIN.LOCAL

   idmap config *:backend = tdb
   idmap config *:range = 95000-99999
   idmap config DOMAIN:backend = rid
   idmap config DOMAIN:range = 100000-999999
   
   winbind trusted domains only = no
   winbind use default domain = yes
   winbind refresh tickets = yes

   template shell = /bin/bash
   template homedir = /home/%D/%U

/etc/resolv.conf
search domain.local
nameserver 10.x.x.20
nameserver 10.x.x.21
nameserver 10.x.x.11
nameserver 10.x.y.10
nameserver 10.x.y.20
nameserver 10.y.x.90
nameserver 10.y.x.21
nameserver 10.y.x.90

/etc/hosts
127.0.0.1	localhost proxy1 proxy2 printer
127.0.1.1	hostname.dev.domain.local hostname

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

/etc/krb5.conf 
[libdefaults]
	default_realm = DOMAIN.LOCAL
	dns_lookup_realm = false
	dns_lookup_kdc = true


It's running on Ubuntu 17.10.

James


October 30, 2017 4:20 PM, "Rowland Penny via samba" <samba at lists.samba.org> wrote:

> On Mon, 30 Oct 2017 15:51:28 +0000
> "A. James Lewis" <james at fsck.co.uk> wrote:
> 
>> I must admit I assumed that it was completely hung which is why I
>> looked at your command line to see if there was a typo etc... but
>> here's the output you asked for:-
>> 
>> root at hostname:~# time samba-tool group listmembers testgroup -H
>> ldap://adserver -d0 FUNC-UNIX
>> 
>> real 11m33.761s <------ LONG TIME!
>> user 0m0.327s
>> sys 0m0.021s
>> 
>> I guess they have some nested groups set up... it does appear to be
>> returning something, but obviously not at list of users.
>> 
>> However, for example:-
>> 
>> root at hostname:~# time wbinfo -g jlewis | grep testgroup
>> testgroup
>> 
>> real 0m0.134s
>> user 0m0.019s
>> sys 0m0.005s
>> 
>> I don't have any issue logging on, or using the host...
> 
> Will you please post the info I asked you to post, plus I think you
> better tell us what OS you are using.
> 
> Whilst nested groups might slow things down, it shouldn't slow things
> down to the extent you are seeing.
> 
> Rowland
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

--
A. James Lewis (james at fsck.co.uk)
"Engineering does not require science. Science helps a lot but people
built perfectly good brick walls long before they knew why cement works."

More information about the samba mailing list