[Samba] 'getent group mygroup' fails when 'winbind use default domain = yes'
Kees van Vloten
keesvanvloten at gmail.com
Thu May 13 16:14:40 UTC 2021
Hi Samba-team,
I am trying to get my smb-fileserver working as domain-member in a
samba-dc domain.
A part of smb.conf [global]:
[global]
netbios name = GRIEG
security = ADS
realm = COMPOSERS.LAN
workgroup = COMPOSERS
vfs objects = acl_xattr
idmap_ldb:use rfc2307 = yes
idmap config composers:backend = ad
idmap config composers:schema_mode = rfc2307
idmap config composers:unix_nss_info = yes
idmap config composers:range = 1001-999999
idmap config *:backend = tdb
idmap config *:range = 1000000-1999999
#winbind cache time = 300
winbind enum groups = yes
winbind enum users = yes
#winbind expand groups = 10
#winbind normalize names = yes
#winbind offline logon = yes
winbind refresh tickets = yes
#winbind scan trusted domains = yes
winbind use default domain = yes
Some lines of /etc/nsswitch.conf:
passwd: files winbind
group: files winbind
shadow: files
gshadow: files
With 'winbind use default domain = yes', 'getent group' returns all
groups properly, although there a slow down when it starts listing the
domain groups. Such slow down is not visible when listing users with
'getent passwd'.
When I do 'getent group mygroup', nothing is returned.
With winbind use default domain = no', 'getent group' still works
properly but there is no slow down on domain groups and 'getent group
COMPOSERS\\mygroup' now returns the group details as expected.
I would prefer to have 'winbind use default domain = yes'. What can I do
to make domain group lookups work properly?
- Kees
More information about the samba
mailing list