[Samba] default backend = rid not showing full group information for users
Jelle de Jong
jelledejong at powercraft.nl
Sat May 2 19:36:47 UTC 2020
On 2020-05-02 20:42, Rowland penny via samba wrote:
> On 02/05/2020 19:28, Jelle de Jong via samba wrote:
>> root at s4ad01:~# samba-tool user show jdoe
>
> There is no apparent reason why the groups do not work with chgrp, the
> only reason I can think of is that the group was created and when you
> tried to 'chgrp' the file, winbind read from its cache and it wasn't in
> the cache. Try running 'net cache flush' and then try 'chgrp' again.
What should the "winbind expand groups" option be set to for a working
setup? If I remove "winbind expand groups" there are no group members
shown at all with the "getent group" command.
root at s4ad01:~# net cache flush
root at samba01:~# net cache flush
root at samba01:~# wbinfo --group-info=development
development:x:11111:jdoe
root at samba01:~# wbinfo --group-info=office
office:x:11106:lgaga,jdoe
jdoe at samba01:~$ id jdoe
uid=11157(jdoe) gid=10513(domain users) groups=10513(domain
users),11157(jdoe),3001(BUILTIN\users)
jdoe at samba01:~$ chgrp "office" test.txt
chgrp: changing group of 'test.txt': Operation not permitted
jdoe at samba01:~$ samba-tool --version
4.9.5-Debian
root at samba01:~# cat /etc/samba/smb.conf
[global]
workgroup = SAMDOM
security = ADS
realm = SAMDOM.POWERCRAFT.NL
winbind refresh tickets = Yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind use default domain = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
username map = /usr/local/samba/etc/user.map
log file = /var/log/samba/%m.log
log level = 1
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config SAMDOM:backend = rid
# idmap config SAMDOM:schema_mode = rfc2307
idmap config SAMDOM:range = 10000-999999
# idmap config SAMDOM:unix_nss_info = yes
template shell = /bin/bash
template homedir = /home/%U
# idmap config SAMDOM:unix_primary_group = yes
winbind enum users = yes
winbind enum groups = yes
winbind expand groups = 1
Is this a samba bug then in version 4.9.5-Debian?
Jelle de Jong
More information about the samba
mailing list