[Samba] Samba with Winbind Doesn't See New AD Groups
Rowland penny
rpenny at samba.org
Thu Oct 17 09:08:03 UTC 2019
On 16/10/2019 21:26, Bill Riner via samba wrote:
> [global]
> workgroup = VANDERBILT
> netbios name = mako-smb
> realm = DS.VANDERBILT.EDU
> security = ads
> encrypt passwords = yes
> allow trusted domains = No
> idmap config *:backend = tdb
> idmap config *:range = 4000000 - 5000000
> idmap config VANDERBILT : backend = rid
> idmap config VANDERBILT : range = 5000001 - 9000000
> template shell = /bin/bash
> template homedir = /home/%U
> winbind offline logon = false
> #winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = no
> winbind enum groups = no
> winbind expand groups = 3
> server string = DORS SMB
> log level = 2
> log file = /var/log/samba/log.%m
> max log size = 10000
> passdb backend = tdbsam
> clustering = yes
> unix extensions = yes
>
>
>> On Oct 16, 2019, at 10:24 AM, Bill Riner <bill.riner at gmail.com> wrote:
>>
>> We have an issue where new groups that are created in Active Directory are not visible in Samba. Groups that were created more than about one month ago are visible. We’re using clustered Sernet 4.3.9 with winbind (with ID mapping) and CTDB. NSCD is not running. We’ve tried restarting Samba, but still have the issue. The OS is RHEL 6.7 and the kernel is 2.6.32.
There is nothing wrong with your smb.conf, your new group should be
allocated a GID and be visible. Restarting Samba should wipe the caches
and these should get rebuilt when Samba connects to AD, so they should
become visible. When you say 'not visible', what do you actually mean ?
Does 'getent group {group name}' work
Rowland
More information about the samba
mailing list