[Samba] default backend = rid not showing full group information for users

Jelle de Jong jelledejong at powercraft.nl
Sat May 2 14:07:55 UTC 2020


Am I wrong to expect that "id <user>" and "getent group" should list the 
groups the user is a member of?

For example, wbinfo --group-info=office shows that users jdoe and lgaga 
are members of the group, but when I run id jdoe or id lgaga the office 
group is not shown, and it does not appear in the getent group output either.

What should I change in my config to have full group information working?

root at samba01:~# wbinfo --group-info=development
development:x:11111:jdoe

root at samba01:~# wbinfo --group-info=office
office:x:11106:lgaga,jdoe

root at samba01:~# getent passwd lgaga
lgaga:*:11155:10513:Lady Gaga:/home/lgaga:/bin/bash

root at samba01:~# getent passwd jdoe
jdoe:*:11157:10513:John Doe:/home/jdoe:/bin/bash

root at samba01:~# id jdoe
uid=11157(jdoe) gid=10513(domain users) groups=10513(domain 
users),11157(jdoe),3001(BUILTIN\users)

root at samba01:~# id lgaga
uid=11155(lgaga) gid=10513(domain users) groups=10513(domain 
users),11155(lgaga),3001(BUILTIN\users)

On 2020-05-01 02:00, Jelle de Jong via samba wrote:
> Hello everybody,
> 
> I am trying to use the backend = rid but it is not showing me group 
> information of the users after adding the user to the domain groups...
> 
> What should I do to have the full group info for the users available?
> 
> https://wiki.samba.org/index.php/Idmap_config_rid
> # All domain's user accounts and groups are automatically available on 
> the domain member.
> 
> root at s4ad01:~# samba-tool group listmembers "office"
> ldb_wrap open of secrets.ldb
> lgaga
> jdoe
> 
> root at samba01:~# wbinfo --group-info=office
> office:x:11106:jdoe,lgaga
> 
> root at samba01:~# id jdoe
> uid=11157(jdoe) gid=10513(domain users) groups=10513(domain 
> users),11157(jdoe),3001(BUILTIN\users)
> 
> root at samba01:~# id lgaga
> uid=11155(lgaga) gid=10513(domain users) groups=10513(domain 
> users),11155(lgaga),3001(BUILTIN\users)
> 
> 
> root at samba01:~# cat /etc/samba/smb.conf
> [global]
>     workgroup = SAMDOM
>     security = ADS
>     realm = SAMDOM.POWERCRAFT.NL
> 
>     winbind refresh tickets = Yes
>     vfs objects = acl_xattr
>     map acl inherit = Yes
>     store dos attributes = Yes
> 
>     dedicated keytab file = /etc/krb5.keytab
>     kerberos method = secrets and keytab
> 
>     winbind use default domain = yes
> 
>     load printers = no
>     printing = bsd
>     printcap name = /dev/null
>     disable spoolss = yes
> 
>     username map = /usr/local/samba/etc/user.map
> 
>     log file = /var/log/samba/%m.log
>     log level = 1
> 
>     idmap config * : backend = tdb
>     idmap config * : range = 3000-7999
> 
>     idmap config SAMDOM:backend = rid
> #  idmap config SAMDOM:schema_mode = rfc2307
>     idmap config SAMDOM:range = 10000-999999
> #  idmap config SAMDOM:unix_nss_info = yes
> 
>     template shell = /bin/bash
>     template homedir = /home/%U
> 
> #  idmap config SAMDOM:unix_primary_group = yes
> 
>     winbind enum users = yes
>     winbind enum groups = yes
> #  winbind expand groups = 1
> 


