[Samba] Unable to "show" a group using samba-tool

Rowland penny rpenny at samba.org
Wed Apr 1 08:23:09 UTC 2020


On 01/04/2020 08:23, Rowland penny via samba wrote:
> On 31/03/2020 22:48, David Kowis via samba wrote:
>> Howdy!
>>
>> I'm setting up a domain controller, and things are going wonderfully, 
>> but I'm running into a strange problem, only some groups will display 
>> using the `samba-tool group show` command.
>>
>> <snip>
>> root at vorador:~# samba-tool group addmembers videos dkowis
>> Added members to group videos
>> root at vorador:~# samba-tool group list | grep videos
>> videos
>> root at vorador:~# samba-tool group show videos
>> ERROR: Unable to find group "videos"
>> root at vorador:~# samba-tool user show dkowis | grep videos
>> memberOf: CN=videos,CN=Users,DC=dark,DC=kow,DC=is
>> </snip>
>>
>> The group exists, I can add members to it, and those users show this 
>> membership.
>>
>> I can only "show" some groups:
>>
>> <snip>
>> root at vorador:~# samba-tool group list | egrep "Administrators|Domain Users"
>> Administrators
>> Domain Users
>> root at vorador:~# samba-tool group show "Administrators"
>> ERROR: Unable to find group "Administrators"
>> root at vorador:~# samba-tool group show "Domain Users"
>> dn: CN=Domain Users,CN=Users,DC=dark,DC=kow,DC=is
>> objectClass: top
>> objectClass: group
>> cn: Domain Users
>> description: All domain users
>> </snip>
>>
>> I'm hoping someone here can help me understand why some groups show 
>> up using show, and some do not.
>> I'd really like to be able to see the group details, especially for 
>> the "videos" group, as it'll have GID and Unix details.
>>
>> Thanks!
>>
> Strange, what version of Samba is this ?
>
> Rowland
>
>
>
No, it isn't strange, it appears (in my opinion) to be using the wrong 
search filter :-(

It uses this filter:

         filter = ("(&(sAMAccountType=%d)(sAMAccountName=%s))" %
                   (ATYPE_SECURITY_GLOBAL_GROUP,
                    ldb.binary_encode(groupname)))

I think it should just be this:

         filter = ("(&(objectCategory=group)(sAMAccountName=%s))" %
                   ldb.binary_encode(groupname))

The first targets a specific type of group, mine targets all groups.

Rowland
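
An added illustration (not part of the original message and not Samba's code): the two filters above evaluated against constructed directory entries that carry the standard sAMAccountType values. `escape_filter_value` is a stand-in for `ldb.binary_encode`, `search` is a toy evaluator for flat equality filters, and the `staff-list` entry is hypothetical.

```python
import re

# sAMAccountType values as defined for Active Directory (MS-SAMR).
ATYPE_SECURITY_GLOBAL_GROUP = 0x10000000      # 268435456
ATYPE_DISTRIBUTION_GLOBAL_GROUP = 0x10000001  # 268435457
ATYPE_SECURITY_LOCAL_GROUP = 0x20000000       # 536870912 (builtin/domain-local)
ATYPE_NORMAL_ACCOUNT = 0x30000000             # 805306368 (user)

# Constructed sample entries, not taken from the poster's domain.
DIRECTORY = [
    {"sAMAccountName": "Domain Users", "objectCategory": "group",
     "sAMAccountType": ATYPE_SECURITY_GLOBAL_GROUP},
    {"sAMAccountName": "Administrators", "objectCategory": "group",
     "sAMAccountType": ATYPE_SECURITY_LOCAL_GROUP},
    {"sAMAccountName": "staff-list", "objectCategory": "group",
     "sAMAccountType": ATYPE_DISTRIBUTION_GLOBAL_GROUP},
    {"sAMAccountName": "dkowis", "objectCategory": "person",
     "sAMAccountType": ATYPE_NORMAL_ACCOUNT},
]

def escape_filter_value(value):
    """RFC 4515 escaping of filter metacharacters (stand-in for ldb.binary_encode)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def current_filter(groupname):
    """Filter quoted in the message: matches one sAMAccountType only."""
    return "(&(sAMAccountType=%d)(sAMAccountName=%s))" % (
        ATYPE_SECURITY_GLOBAL_GROUP, escape_filter_value(groupname))

def proposed_filter(groupname):
    """Filter proposed in the message: matches any object of category group."""
    return "(&(objectCategory=group)(sAMAccountName=%s))" % escape_filter_value(groupname)

def search(entries, ldap_filter):
    """Toy evaluator for a flat (&(attr=value)...) equality filter."""
    terms = re.findall(r"\(([A-Za-z]+)=((?:[^()\\]|\\[0-9a-fA-F]{2})*)\)", ldap_filter)
    unescape = lambda v: re.sub(r"\\([0-9a-fA-F]{2})",
                                lambda m: chr(int(m.group(1), 16)), v)
    wanted = [(attr, unescape(val).lower()) for attr, val in terms]
    return [e["sAMAccountName"] for e in entries
            if all(str(e.get(attr, "")).lower() == val for attr, val in wanted)]

if __name__ == "__main__":
    for name in ("Domain Users", "Administrators", "staff-list", "dkowis"):
        print("%-15s current=%s proposed=%s" % (
            name, search(DIRECTORY, current_filter(name)),
            search(DIRECTORY, proposed_filter(name))))
```

With this sample data the sAMAccountType filter returns only the global security group, while the objectCategory filter returns every group entry and still excludes the user.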




