[Samba] differences between 'getent group GROUP1' and 'sudo samba-tool group listmembers GROUP1'
pavel.lisy at gmail.com
pavel.lisy at gmail.com
Tue Jan 21 20:49:11 UTC 2025
On Tue, 2025-01-21 at 20:20 +0000, Rowland Penny via samba wrote:
> On Tue, 21 Jan 2025 21:10:31 +0100
> PaLi via samba <samba at lists.samba.org> wrote:
>
> > Hello
> >
> > Thank for suggestion to config fixes. Back to my original question.
> >
> > Is it possible make
> >
> > getent group
> >
> > working on Samba 4 DC
>
> Yes, but why ?
> It isn't required for Samba to work, use 'getent group GROUPNAME'
> instead.
I don't know if my question was clear enough.
Real example could be better explanation.
real OUTPUT of samba-tool
---
$ sudo samba-tool group listmembers 'domain users'
dns-dc21
Administrator
pali
luno
peli
misi
krbtgt
dhcpduser
masi
dns-DC22
real OUTPUT of getent group
---
$ sudo getent group 'domain users'
OFFICE\domain users:x:2000:
My problem is that both tools return different result.
(getent group -- shows no members)
Do you aggree that it is not correct behaviour?
Other example -- real situation
I will log to DC (or other linux machine joined to Samba 4) through ssh
(terminal session) as non privileged user. I want to get list of
members for group 'Domain Users'. How can I do it without
getent group working?
Pavel
> > to return list of group members to every group line, as it does for
> > group in /etc/group ?
> >
> > I know that I cat get this under root account by
> > samba-tool group listmembers
> >
> > But how to get members of group under non-root account?
> >
> >
> > Second part of question. I've read somewhre it is better way to
> > join
> > linux clients to Samba 4 domain by sssd (than by winbind) and then
> > getent group
> > could work correctly. Is it true?
>
> Do not ask me about sssd, I do not use it and do not see the point of
> it with Samba when you also have to use winbind. sssd is a clone of
> winbind.
>
> >
> > But it cannot be case on Samba DC, right?
> > I can't join DC to itself by sssd, right?
> > Then how to do it?
>
> You don't.
> Why the fixation with 'getent group' ?
>
> Rowland
>
More information about the samba
mailing list