[Samba] NSS and group enumeration in CUPS...

L.P.H. van Belle belle at bazuin.nl
Fri Jun 15 09:23:47 UTC 2018 

Hai Marco, 

Imo, its not a bug, at least not in cups. 

You dont need the winbind enum groups = yes.  
It works fine but can you post your samba verion, your running this one on jessie or stretch server? 
I "think" you run this server with samba backend set to RID not AD. ( note, that should not matter ) 
I run my print server with backend AD, on stretch samba 4.8.2

You Debian Jessie, samba 4.5.12 with backend RID. Correct? 

If thats the case, i really suggest you upgrade to samba 4.6.15 or up. 
And set these on the print server. 
    idmap config NTDOM : unix_primary_group = yes
    idmap config NTDOM : unix_nss_info = yes

The winbind fixed between 4.5.12 and 4.6 and up can help a lot here to resolv this. 
I do understand the use of 4.5.12, thats a choice, but its just not a good version. 

# my repo settings for jessie with 4.6.15 
wget -O - http://apt.van-belle.nl/louis-van-belle.gpg-key.asc | apt-key add -
echo "deb http://apt.van-belle.nl/debian jessie-backports main contrib non-free" | sudo tee -a /etc/apt/sources.list.d/van-belle.list
echo "deb http://apt.van-belle.nl/debian jessie main contrib non-free" | sudo tee -a /etc/apt/sources.list.d/van-belle.list
echo "deb http://apt.van-belle.nl/debian unstable main contrib non-free" | sudo tee -a /etc/apt/sources.list.d/van-belle.list
apt-get update
apt-get dist-upgrade  ( you need the dist upgrade because you get a few extra packages ) 

Run: net cache flush

An preffer a server reboot also, but thats up 2 you. 
Then run id username again and getent group username 

See if you get the needed output.

But again, i strongly suggest you upgrade you server to stretch and use samba 4.7+ of better 4.8.2 
Note, Jessie is entering LTS mode, so no fixes wil go in samba unless its a security fix. 


Greetz, 

Louis





> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Marco Gaiarin via samba
> Verzonden: vrijdag 15 juni 2018 10:20
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] NSS and group enumeration in CUPS...
> 
> Mandi! L.P.H. van Belle via samba
>   In chel di` si favelave...
> 
> > Yes, i did add my AD admin user to a local group but only once. 
> 
> Ah, ok. In this way clearly work, but it is all but optimal, you have
> to manage local membership on every server...
> 
> 
> > And yes, you can replace the lpadmin group for a windows 
> group but thats more work imo. 
> 
> Seems to me that, apart setting 'winbind enum groups = yes', 
> there's no
> solution...
> 
> I've fired up a debian bug, but probably it is better upstream...
> 
> 	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901529
> 
> -- 
> dott. Marco Gaiarin				        GNUPG 
> Key ID: 240A3D66
>   Associazione ``La Nostra Famiglia''          
> http://www.lanostrafamiglia.it/
>   Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al 
> Tagliamento (PN)
>   marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   
> f +39-0434-842797
> 
> 		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
>       http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
> 	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list