[Samba] Winbind does not show all groups of all users
Rowland penny
rpenny at samba.org
Mon Mar 16 15:17:16 UTC 2020
On 16/03/2020 14:21, Dipl.-Ing. Péter Varkoly via samba wrote:
> Hi!
> I'm using 4.10.13 as AD and have the issue that winbind does not show
> correct the group membership of some users. # Global
> parameters[global] ldap server require strong auth =
> no netbios name = admin realm =
> XXXX.LOKAL workgroup = XXXX dns forwarder =
> 8.8.8.8 server role = active directory domain
> controller idmap_ldb:use rfc2307 = Yes winbind enum users
> = No winbind enum groups = No wide links =
> Yes unix extensions = No
> bind interfaces only = yes interfaces = 127.0.0.1,
> 172.16.0.2 ntlm auth = yes template shell = /bin/bash
> socket options = TCP_NODELAY TCP_KEEPIDLE=240 TCP_KEEPCNT=4
> TCP_KEEPINTVL=15
> For examle the user sta is member of the group 10A:ldbsearch -H
> /var/lib/samba/private/sam.ldb CN=10A | grep stainstanceType: 4member:
> CN=sta,OU=teachers,DC=xxxxx,DC=lokal
> ldbsearch -H /var/lib/samba/private/sam.ldb CN=sta | grep 10AmemberOf:
> CN=10A,CN=Users,DC=xxxxx,DC=lokal
> But id does not show this:uid=4000821(XXXXX\sta) gid=100(users)
> Gruppen=100(users),4000005(XXXXX\teachers),4001457(XXXXXX\erdkunde),300
> 0009(BUILTIN\users)
> And:wbinfo --user-groups sta100400000540014573000009
> What is wrong with this user??The most of the user have not this
> problem.
> Regards.
>
After deciphering the above, it is a known feature, only when a user
logs in can you be sure to get a full list of the users groups.
What is interesting are the ID's in the 4000000 range, why this range ?
Rowland
More information about the samba
mailing list