[Samba] Winbind missing secondary groups

Luc Lalonde Luc.Lalonde at polymtl.ca
Wed Jul 27 20:53:26 UTC 2022 

Yeah, I'm really stumped...

I've got the same version of Samba as you (4.15.6) on a Debian 11.

On 2022-07-27 16:24, Rowland Penny via samba wrote:
> On Wed, 2022-07-27 at 16:05 -0400, Luc Lalonde via samba wrote:
>> I corrected all the errors you mentionned in my config... Still a no
>> go
>> for secondary groups.
>>
>> Other answers below:
>>
>> On 2022-07-27 15:19, Rowland Penny via samba wrote:
>>> Does 'Domain Users' have a gidNumber ?
>> No, but I tried setting one... changes nothing (after restarting
>> smbd,
>> winbind, net cache flush)
>>> Do all your users have a uidNumber & gidNumber ?
>> Yes
>>> Do all your groups have a gidNumber ?
>> Yes
>>> Are all these numbers inside the 1000-999999 range ?
>> Yes
> Strange, what version of Samba is this ?
>
> I am using 4.15.7 with these lines in smb.conf:
>
>    winbind expand groups = 2
>    ....................
>    idmap config * : backend = tdb
>    idmap config * : range = 3000-7999
>    idmap config SAMDOM : backend  = ad
>    idmap config SAMDOM : schema_mode = rfc2307
>    idmap config SAMDOM : unix_nss_info = yes
>    idmap config SAMDOM : range = 10000-999999
>
> and I get this:
>
> rowland at devstation:~$ id
> uid=10000(rowland) gid=10000(domain users) groups=10000(domain
> users),102(netdev),1001(unixtest),2000(BUILTIN\administrators),2001(BUI
> LTIN\users),10002(unixgroup),10004(testgroup),10010(group12),10011(prin
> teradmin),10012(ridtest),10013(wingroup),10014(wingroup1),10015(nesttes
> ta),10016(nesttestb),10017(grouptest2),10021(ftpgroup),10022(wingroup2)
> ,10024(unix admins),10030(sam_shares),10032(sshgroup),10035(vpnusers)
>
> The only real difference is that I do not use 'unix_primary_group =
> yes'
>
> As you can see, I get a lot of groups. I would double check everything.
>
> Rowland
>
>
>
-- 
Luc Lalonde, analyste
-----------------------------
Département de génie informatique:
École polytechnique de MTL
(514) 340-4711 x5049
Luc.Lalonde at polymtl.ca
-----------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20220727/badc3deb/OpenPGP_signature.sig>

More information about the samba mailing list