[Samba] differences between 'getent group GROUP1' and 'sudo samba-tool group listmembers GROUP1'

Rowland Penny rpenny at samba.org
Tue Jan 21 20:20:19 UTC 2025


On Tue, 21 Jan 2025 21:10:31 +0100
PaLi via samba <samba at lists.samba.org> wrote:

> Hello
> 
> Thank for suggestion to config fixes. Back to my original question.
> 
> Is it possible make
> 
> getent group
> 
> working on Samba 4 DC

Yes, but why ?
It isn't required for Samba to work, use 'getent group GROUPNAME'
instead.

> to return list of group members to every group line, as it does for
> group in /etc/group ?
> 
> I know that I cat get this under root account by 
> samba-tool group listmembers
> 
> But how to get members of group under non-root account?
> 
> 
> Second part of question. I've read somewhre it is better way to join
> linux clients to Samba 4 domain by sssd (than by winbind) and then 
> getent group 
> could work correctly. Is it true?

Do not ask me about sssd, I do not use it and do not see the point of
it with Samba when you also have to use winbind. sssd is a clone of
winbind.

> 
> But it cannot be case on Samba DC, right? 
> I can't join DC to itself by sssd, right?
> Then how to do it?

You don't.
Why the fixation with 'getent group' ?

Rowland



More information about the samba mailing list