[Samba] id <username> - doesnt list all groups
Micha Ballmann
ballmann at uni-landau.de
Tue Aug 7 10:20:04 UTC 2018
Hello,
my enviroment:
All Servers are Ubuntun 16.04-18.04
SAMBA AD DC Server and several SAMABA DOMAIN MEMBER (connected via
WINBIND). In ADDC I've created a group "restrictaccess" and added some
users.
Now when im typing "id <username>" on a Domain Member, for some users
the group "restrictaccess" are listed for some not!
For example:
ON DC:
# samba-tool group listmembers restrictaccess
user1
user2
ON Domain Member:
# id user1
uid=10065(user1) gid=10036(domain users) Gruppen=10036(domain
users),3001(BUILTIN\users)
# id user2
uid=20578(user2) gid=10036(domain users) Gruppen=10036(domain
users),*10153(**restrictaccess**)*,3001(BUILTIN\users)
smb.conf on Domain Member:
[global]
security = ads
realm = rootrudi.de
workgroup = ROOTRUDI
idmap config *: backend = tdb
idmap config *: range = 3000-7999
idmap config rootrudi:backend = ad
idmap config rootrudi:range = 10000-999999
idmap config rootrudi:schema_mode = rfc2307
idmap config rootrudi:unix_nss_info = no
template shell = /bin/bash
template homedir = /home/%U
domain master = No
local master = No
preferred master = No
os level = 0
restrict anonymous = 2
winbind cache time = 10
winbind enum groups = Yes
winbind enum users = Yes
winbind use default domain = Yes
map acl inherit = Yes
store dos attributes = Yes
vfs objects = acl_xattr
What happened?
Best regards
Micha
More information about the samba
mailing list