[Samba] Unable to "show" a group using samba-tool

Rowland penny rpenny at samba.org
Wed Apr 1 10:51:56 UTC 2020 

On 01/04/2020 09:23, Rowland penny via samba wrote:
> On 01/04/2020 08:23, Rowland penny via samba wrote:  >> On 31/03/2020 22:48, David Kowis via samba wrote: >>> Howdy! >>> 
 >>> I'm setting up a domain controller, and things are going >>> 
wonderfully, but I'm running into a strange problem, only some >>> 
groups will display using the `samba-tool group show` command. >>> >>> 
<snip> root at vorador:~# samba-tool group addmembers videos dkowis >>> 
Added members to group videos root at vorador:~# samba-tool group >>> list 
| grep videos videos root at vorador:~# samba-tool group show >>> videos 
ERROR: Unable to find group "videos" root at vorador:~# >>> samba-tool user 
show dkowis | grep videos memberOf: >>> 
CN=videos,CN=Users,DC=dark,DC=kow,DC=is </snip> >>> >>> The group 
exists, I can add members to it, and those users show >>> this 
membership. >>> >>> I can only "show" some groups: >>> >>> <snip> 
root at vorador:~# samba-tool group list | egrep >>> "Administrators|Domain 
Users" Administrators Domain Users >>> root at vorador:~# samba-tool group 
show "Administrators" ERROR: >>> Unable to find group "Administrators" 
root at vorador:~# samba-tool >>> group show "Domain Users" dn: CN=Domain 
 >>> Users,CN=Users,DC=dark,DC=kow,DC=is objectClass: top >>> 
objectClass: group cn: Domain Users description: All domain users >>> 
</snip> >>> >>> I'm hoping someone here can help me understand why some 
groups >>> show up using show, and some do not. I'd really like to be 
able >>> to see the group details, especially for the "videos" group, as 
 >>> it'll have GID and Unix details. >>> >>> Thanks! >>> >> Strange, 
what version of Samba is this ? >> >> Rowland >> >> >> > No, it isn't 
strange, it appears (in my opinion) to be using the > wrong search 
filter :-( > > it uses this filter: > > filter = 
("(&(sAMAccountType=%d)(sAMAccountName=%s))" % > 
(ATYPE_SECURITY_GLOBAL_GROUP, ldb.binary_encode(groupname))) > > I think 
it should just be this: > > filter = 
("(&(objectCategory=group)(sAMAccountName=%s))" % > 
ldb.binary_encode(groupname))) > > The first targets a specific type of 
group, mine targets all groups. > > Rowland > > > Er, no it doesn't :-(

It should be :

         filter = ("(&(objectCategory=group)(sAMAccountName=%s))" %
                    ldb.binary_encode(groupname))

Rowland

More information about the samba mailing list