[Samba] default backend = rid not showing full group information for users

Jelle de Jong jelledejong at powercraft.nl
Sat May 2 19:36:47 UTC 2020


On 2020-05-02 20:42, Rowland penny via samba wrote:
> On 02/05/2020 19:28, Jelle de Jong via samba wrote:
>> root at s4ad01:~# samba-tool user show jdoe 
> 
> There is no apparent reason why the groups do not work with chgrp, the 
> only reason I can think of is that the group was created and when you 
> tried to 'chgrp' the file, winbind read from its cache and it wasn't in 
> the cache. Try running 'net cache flush' and then try 'chgrp' again.

What should the "winbind expand groups" option be set to for a working 
setup? If I remove "winbind expand groups" there are no group members 
shown at all with the "getent group" command.

root at s4ad01:~# net cache flush
root at samba01:~# net cache flush

root at samba01:~# wbinfo --group-info=development
development:x:11111:jdoe

root at samba01:~# wbinfo --group-info=office
office:x:11106:lgaga,jdoe

jdoe at samba01:~$ id jdoe
uid=11157(jdoe) gid=10513(domain users) groups=10513(domain 
users),11157(jdoe),3001(BUILTIN\users)

jdoe at samba01:~$ chgrp "office" test.txt
chgrp: changing group of 'test.txt': Operation not permitted

jdoe at samba01:~$ samba-tool --version
4.9.5-Debian

root at samba01:~# cat /etc/samba/smb.conf
[global]
    workgroup = SAMDOM
    security = ADS
    realm = SAMDOM.POWERCRAFT.NL

    winbind refresh tickets = Yes
    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes

    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab

    winbind use default domain = yes

    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes

    username map = /usr/local/samba/etc/user.map

    log file = /var/log/samba/%m.log
    log level = 1

    idmap config * : backend = tdb
    idmap config * : range = 3000-7999

    idmap config SAMDOM:backend = rid
#  idmap config SAMDOM:schema_mode = rfc2307
    idmap config SAMDOM:range = 10000-999999
#  idmap config SAMDOM:unix_nss_info = yes

    template shell = /bin/bash
    template homedir = /home/%U

#  idmap config SAMDOM:unix_primary_group = yes

    winbind enum users = yes
    winbind enum groups = yes
    winbind expand groups = 1

Is this a samba bug then in version 4.9.5-Debian?

Jelle de Jong




More information about the samba mailing list