rpenny at samba.org
Tue May 8 16:09:25 UTC 2018
On Tue, 8 May 2018 08:31:28 -0700 (MST)
srikar82 via samba <samba at lists.samba.org> wrote:
> We have an AD Forest in the following hierarchy made of parent
> and child domain controllers. Recently we joined an Ubuntu 16.04
> server as a domain member to a Windows 2012 child domain controller.
> Integration was completed successfully. The domain user we used for
> joining to DC is a member of our own created "domain admins" group
> which has rights to join a domain member to our DC. This user is not
> a part of default "Domain Admins" group. Later when we are trying to
> fetch the AD users using "wbinfo -u" and "getent passwd" commands,
> observed that some of the AD users present in some of the OU's of
> child domain controller were not retrieved. Below is the smb.conf file
> we used to integrate with the Windows DC.
Hmm, so you have a group in AD called 'Domain Admins' and another
called 'domain admins', don't think this a good idea, for proof (note
this is on a DC, but the same would occur on a Unix domain member):
root at dc4:~# getent group Domain\ Admins
Oh look, Unix sees 'Domain Admins' as 'domain admins'
Perhaps using 'Unix Admins' instead might be a better idea.
More information about the samba