[Samba] Winbind does not show all groups of all users

Rowland penny rpenny at samba.org
Mon Mar 16 16:28:48 UTC 2020

On 16/03/2020 16:19, Dipl.-Ing. Péter Varkoly via samba wrote:
> Am Montag, den 16.03.2020, 15:17 +0000 schrieb Rowland penny via samba:
>> After deciphering the above,
> Sorry. evolution has reformatted my text :-(
No problem ;-)
>> it is a known feature, only when a user
>> logs in can you be sure to get a full list of the users groups.
> Very strange. I've recreated a new user and put it in all groups and he
> was inmediately in all groups.
> What does mean to log in? Is "smbclient //server/share -U user%pw"
> enough?
> Connecting "sta" with smbclient has access to all groups.
> Making su - sta ; id Not all groups will be shown.
Exactly, connecting via smbclient is logging in and that is when it 
matters that all a users groups are known.
>> What is interesting are the ID's in the 4000000 range, why this range
>> ?
> By creating a new object we generate a new unix id and save it into the
>   rfc2307 attributes: uidNumber,gidNumber. We wanted to separate this
> from the winbind "automatic" id-s. If a user or group has an unix-id
> 30XXX then we know immediately something went wrong :-)
Fair enough, most people use the same range as ADUC did , 10000 up


More information about the samba mailing list