[Samba] Issue when adding an user to group
rpenny at samba.org
Tue Mar 20 10:37:19 UTC 2018
On Tue, 20 Mar 2018 11:02:46 +0100
Oliver Werner via samba <samba at lists.samba.org> wrote:
> Hello everybody,
> we have an issue with our samba instance of ad member as fileserver
> when i add an user to a group it will adding the user without
> i can verify on our two domain controller that the user is in the
> group with wbinfo -r <user>
> Now when i will check it on the member (fileserver) the user will not
> in the group.
> Anyone has an idea what we’ve misconfigured?
> Our DCs and Member running on Samba 4.7.6
> Here is the configuration of our fileserver
> winbind trusted domains only = no
You don't need the above, it is the default
> winbind enum users = yes
> winbind enum groups = yes
You do not need the above two lines, they only do two things:
One: make 'getent passwd' & 'getent group' show lists of Domain users &
Two: Slow things down if you have a lot of users & groups.
'getent' will work without them.
> winbind cache time = 300
You don't really need the above, it is the default
> # idmap config for domain HQ
> idmap config HQ:backend = ad
> idmap config HQ:schema_mode = rfc2307
> idmap config HQ:range = 1024-99999
> # Use settings from AD for login shell and home directory
> winbind nss info = rfc2307
Things changed with the release of 4.6.0, you should replace 'winbind
nss info = rfc2307' with:
idmap config HQ:unix_nss_info = yes
See here for more info:
You might want to also read the paragraph above it:
It explains the reason for your problem.
More information about the samba