[Samba] wbinfo -r reports strange gids on AD member

L.P.H. van Belle belle at bazuin.nl
Wed Jan 22 08:49:39 UTC 2020 

Goooood morning Guys, 

..  

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland penny via samba
> Verzonden: dinsdag 21 januari 2020 22:29
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] wbinfo -r reports strange gids on AD member
> 
> On 21/01/2020 21:17, Christian via samba wrote:
> > On 21.01.2020 21:57, Rowland penny via samba wrote:
> >> On 21/01/2020 20:43, Christian via samba wrote:
> >>> On 21.01.2020 21:23, Rowland penny via samba wrote:
> >>>> On 21/01/2020 20:02, Christian via samba wrote:
> >>>>> Hi Rowland and Louis,
> >>>>>
> >>>>>>>
> >>>>>>> 
> This is different, this should work, but I am not the expert here, I 
> think you need Louis, if I recall correctly, he does this in 
> production.
> 
> So, over to you Louis ;-)
> 
> Rowland
> 
> 

Hai, yes, i do, i've read the thread.. And i dont see anything off here. 

>>> So the problem is that one of the user's groups is missing, and instead
>>> 3001 is showing up... Other members of the group have their membership
>>> displayed correctly by the groups and wbinfo -r commands. Thanks,
Thism, this is just strange, Christian, did you already run and if not, can you run it and post the ouputs.  : 

net cache flush
systemctl stop samba winbind
systemctl start samba winbind

id some_user
getent passwd some_user

Im not talking about the sshd_config part, other users work so that should be fine. 
Only thing i can say it, I use this also. This is my complete config of sshd_config:

AcceptEnv LANG LC_*
AllowGroups win-allowed-ssh linux-allowed-ssh
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPIKeyExchange yes
ListenAddress 0.0.0.0
PrintMotd no
Subsystem       sftp    /usr/lib/openssh/sftp-server
UsePAM yes
X11Forwarding yes

These are the groups and there names should tell you everything.  ;-). 
win-allowed-ssh  # only contains windows users ( with assigned UID and "Domain users" as primary GID. )
linux-allowed-ssh # only contains admin users to maintain the linux systems. 


So nothing fancy.. 
Let see first that a net cache flush does and the stop/start (! Dont restart .. ) 


Greetz, 

Louis

More information about the samba mailing list