[Samba] Winbind missing secondary groups
Rowland Penny
rpenny at samba.org
Wed Jul 27 20:24:25 UTC 2022
On Wed, 2022-07-27 at 16:05 -0400, Luc Lalonde via samba wrote:
> I corrected all the errors you mentionned in my config... Still a no
> go
> for secondary groups.
>
> Other answers below:
>
> On 2022-07-27 15:19, Rowland Penny via samba wrote:
> > Does 'Domain Users' have a gidNumber ?
> No, but I tried setting one... changes nothing (after restarting
> smbd,
> winbind, net cache flush)
> > Do all your users have a uidNumber & gidNumber ?
> Yes
> > Do all your groups have a gidNumber ?
> Yes
> > Are all these numbers inside the 1000-999999 range ?
> Yes
Strange, what version of Samba is this ?
I am using 4.15.7 with these lines in smb.conf:
winbind expand groups = 2
....................
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config SAMDOM : backend = ad
idmap config SAMDOM : schema_mode = rfc2307
idmap config SAMDOM : unix_nss_info = yes
idmap config SAMDOM : range = 10000-999999
and I get this:
rowland at devstation:~$ id
uid=10000(rowland) gid=10000(domain users) groups=10000(domain
users),102(netdev),1001(unixtest),2000(BUILTIN\administrators),2001(BUI
LTIN\users),10002(unixgroup),10004(testgroup),10010(group12),10011(prin
teradmin),10012(ridtest),10013(wingroup),10014(wingroup1),10015(nesttes
ta),10016(nesttestb),10017(grouptest2),10021(ftpgroup),10022(wingroup2)
,10024(unix admins),10030(sam_shares),10032(sshgroup),10035(vpnusers)
The only real difference is that I do not use 'unix_primary_group =
yes'
As you can see, I get a lot of groups. I would double check everything.
Rowland
More information about the samba
mailing list