[Samba] Domain admins group missing from domain member

Rowland penny rpenny at samba.org
Sun Dec 13 10:01:04 UTC 2020


On 13/12/2020 02:09, Carlos Jesus via samba wrote:
> Hi all,
> I'm having a strange issue with one of my samba domains that I hope you can
> help with.
> Simply put, getent group|grep "domain admins" returns (as expected) domain
> admins:x:3000061: on both my DCs, but comes out empty on both Linux domain
> members.

Not sure why that worked; it shouldn't, because you don't have 'winbind 
enum groups = yes' in your DC's smb.conf.

Also you are using the 'ad' backend on the Unix domain member and 
'3000061' isn't a gidNumber, it is an xidNumber and only used on DCs. 
This actually is a good thing, because if you do give Domain Admins a 
gidNumber, it just becomes a group and cannot own files and folders in 
sysvol.

Rowland





