[Samba] Unable to get primary group information when using AD authentication with samba-4.10.4

Rowland penny rpenny at samba.org
Mon Mar 2 09:47:48 UTC 2020

On 02/03/2020 09:21, Goto, Ryoichi wrote:
> Hi, Rowland.
> As stated in the first query on February 29, why does the samba-3.6.23 rhel6.6 environment produce the expected results?

I have no idea, I can only go off the info provided. If the 'ad' backend 
produces no output, this usually means that the users do not have a 
uidNumber containing a number inside the 'DOMAIN' range and/or Domain 
Users does not have a gidNumber containing a number inside the same range.

Switching to the 'rid' backend usually proves this, if you get users 
with 'getent passwd' or 'id', then this proves there is connection to AD 
and that there is either a problem with the uidNumber & gidNumber 
attributes, or there are none.

> Or why run 'wbinfo -a username% password' even if it is 'rid backend', and log in once and get the information successfully?
The problem is that Samba cannot get the full list of a users groups 
unless the user has logged in, which is what 'wbinfo -a' does. However, 
does it really matter if you do not get a full list of a users groups 
without running 'wbinfo -a', the user will get a full list when they log in.


More information about the samba mailing list