[Samba] differences between 'getent group GROUP1' and 'sudo samba-tool group listmembers GROUP1'

pavel.lisy at gmail.com pavel.lisy at gmail.com
Tue Jan 21 20:49:11 UTC 2025


On Tue, 2025-01-21 at 20:20 +0000, Rowland Penny via samba wrote:
> On Tue, 21 Jan 2025 21:10:31 +0100
> PaLi via samba <samba at lists.samba.org> wrote:
> 
> > Hello
> > 
> > Thank for suggestion to config fixes. Back to my original question.
> > 
> > Is it possible make
> > 
> > getent group
> > 
> > working on Samba 4 DC
> 
> Yes, but why ?
> It isn't required for Samba to work, use 'getent group GROUPNAME'
> instead.
I don't know if my question was clear enough. 
Real example could be better explanation.


real OUTPUT of samba-tool
---
$ sudo samba-tool group listmembers 'domain users'
dns-dc21
Administrator
pali
luno
peli
misi
krbtgt
dhcpduser
masi
dns-DC22


real OUTPUT of getent group
---
$ sudo getent group 'domain users'
OFFICE\domain users:x:2000:


My problem is that both tools return different result. 
(getent group -- shows no members)

Do you aggree that it is not correct behaviour?


Other example -- real situation

I will log to DC (or other linux machine joined to Samba 4) through ssh
(terminal session) as non privileged user. I want to get list of
members for group 'Domain Users'. How can I do it without 
getent group working?


Pavel

> > to return list of group members to every group line, as it does for
> > group in /etc/group ?
> > 
> > I know that I cat get this under root account by 
> > samba-tool group listmembers
> > 
> > But how to get members of group under non-root account?
> > 
> > 
> > Second part of question. I've read somewhre it is better way to
> > join
> > linux clients to Samba 4 domain by sssd (than by winbind) and then 
> > getent group 
> > could work correctly. Is it true?
> 
> Do not ask me about sssd, I do not use it and do not see the point of
> it with Samba when you also have to use winbind. sssd is a clone of
> winbind.
> 
> > 
> > But it cannot be case on Samba DC, right? 
> > I can't join DC to itself by sssd, right?
> > Then how to do it?
> 
> You don't.
> Why the fixation with 'getent group' ?
> 
> Rowland
> 




More information about the samba mailing list