[Samba] default backend = rid not showing full group information for users
Jelle de Jong
jelledejong at powercraft.nl
Sat May 2 14:07:55 UTC 2020
Am I wrong to expect that id user and getent group should list me the
groups the user is part of?

For example wbinfo --group-info=office shows me that user jdoe and lgaga
are part of the group, but then when doing id jdoe or id lgaga the
office group is not shown, neither in getent group.

What should I change in my config to have full group information working?

root@samba01:~# wbinfo --group-info=development
development:x:11111:jdoe

root@samba01:~# wbinfo --group-info=office
office:x:11106:lgaga,jdoe

root@samba01:~# getent passwd lgaga
lgaga:*:11155:10513:Lady Gaga:/home/lgaga:/bin/bash

root@samba01:~# getent passwd jdoe
jdoe:*:11157:10513:John Doe:/home/jdoe:/bin/bash

root@samba01:~# id jdoe
uid=11157(jdoe) gid=10513(domain users) groups=10513(domain users),11157(jdoe),3001(BUILTIN\users)

root@samba01:~# id lgaga
uid=11155(lgaga) gid=10513(domain users) groups=10513(domain users),11155(lgaga),3001(BUILTIN\users)

On 2020-05-01 02:00, Jelle de Jong via samba wrote:
> Hello everybody,
>
> I am trying to use the backend = rid but it is not showing me group
> information of the users after adding the user to the domain groups...
>
> What should I do to have the full group info for the users available?
>
> https://wiki.samba.org/index.php/Idmap_config_rid
> # All domain's user accounts and groups are automatically available on
> the domain member.
>
> root@s4ad01:~# samba-tool group listmembers "office"
> ldb_wrap open of secrets.ldb
> lgaga
> jdoe
>
> root@samba01:~# wbinfo --group-info=office
> office:x:11106:jdoe,lgaga
>
> root@samba01:~# id jdoe
> uid=11157(jdoe) gid=10513(domain users) groups=10513(domain users),11157(jdoe),3001(BUILTIN\users)
>
> root@samba01:~# id lgaga
> uid=11155(lgaga) gid=10513(domain users) groups=10513(domain users),11155(lgaga),3001(BUILTIN\users)
>
>
> root@samba01:~# cat /etc/samba/smb.conf
> [global]
> workgroup = SAMDOM
> security = ADS
> realm = SAMDOM.POWERCRAFT.NL
>
> winbind refresh tickets = Yes
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
>
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
>
> winbind use default domain = yes
>
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
> username map = /usr/local/samba/etc/user.map
>
> log file = /var/log/samba/%m.log
> log level = 1
>
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
>
> idmap config SAMDOM:backend = rid
> # idmap config SAMDOM:schema_mode = rfc2307
> idmap config SAMDOM:range = 10000-999999
> # idmap config SAMDOM:unix_nss_info = yes
>
> template shell = /bin/bash
> template homedir = /home/%U
>
> # idmap config SAMDOM:unix_primary_group = yes
>
> winbind enum users = yes
> winbind enum groups = yes
> # winbind expand groups = 1
>