[Samba] Unable to get primary group information when using AD authentication with samba-4.10.4
Rowland penny
rpenny at samba.org
Mon Mar 2 09:47:48 UTC 2020
On 02/03/2020 09:21, Goto, Ryoichi wrote:
> Hi, Rowland.
>
> As stated in the first query on February 29, why does the samba-3.6.23 rhel6.6 environment produce the expected results?
I have no idea, I can only go off the info provided. If the 'ad' backend
produces no output, this usually means that the users do not have a
uidNumber containing a number inside the 'DOMAIN' range and/or Domain
Users does not have a gidNumber containing a number inside the same range.
Switching to the 'rid' backend usually proves this, if you get users
with 'getent passwd' or 'id', then this proves there is connection to AD
and that there is either a problem with the uidNumber & gidNumber
attributes, or there are none.
> Or why run 'wbinfo -a username% password' even if it is 'rid backend', and log in once and get the information successfully?
>
The problem is that Samba cannot get the full list of a users groups
unless the user has logged in, which is what 'wbinfo -a' does. However,
does it really matter if you do not get a full list of a users groups
without running 'wbinfo -a', the user will get a full list when they log in.
Rowland
More information about the samba
mailing list