[Samba] domain users issue

Rowland Penny rpenny at samba.org
Mon Feb 12 19:48:12 UTC 2018

On Mon, 12 Feb 2018 20:24:01 +0100
Trenta sis via samba <samba at lists.samba.org> wrote:

> Hi Rowland,
> Not really sure if that is correct, tried with native AD and domain
> users are showed also if they have domain users as primary group, IT
> seems a samba bug liek It was described here
> https://lists.samba.org/archive/samba/2017-October/211699.html
> Any suggestion about how to solve, other groups are working OK, but
> seems that with netapp cdot domain users are not usable, and this is a
> problem...

I ran the command on a win7 machine and it didn't show ANY users as
members of Domain Users, yet every user is definitely a member of Domain

If I run (on a DC): samba-tool group listmembers Domain\ Users

I get a list of all members, but 'listmembers' uses this filter:


Which means use either the contents of the 'primaryGroupID' attribute
OR any 'memberOf' attributes.

If a member of Domain Users (i.e. Every AD user) cannot read a file in
a share that has the group permissions for Domain Users, then the
problem is more than likely to be on the netapp.


More information about the samba mailing list