[Samba] After upgrade from Debian Bookworm to Trixie we get access denied for group users
Rowland Penny
rpenny at samba.org
Mon Nov 24 10:45:12 UTC 2025
On Sun, 23 Nov 2025 15:37:26 +0100
Wim De Geeter <wim.de-geeter at uni-graz.at> wrote:
> In the logs we see that the user1 (belongs to group1 and group2) are
> found
>
>
> /[2025/11/23 15:20:55.651217, 2]
> source3/passdb/pdb_ldap.c:2415(init_group_from_ldap)
> init_group_from_ldap: Entry found for group: 20000
> [2025/11/23 15:20:55.653778, 2]
I had another look at this and if you read the code around line 2415 in
source3/passdb/pdb_ldap.c you find this:
temp = smbldap_talloc_single_attribute(
smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_attr_key2string(groupmap_attr_list,
LDAP_ATTR_GIDNUMBER),
ctx);
if (!temp) {
DEBUG(0, ("init_group_from_ldap: Mandatory attribute %s not found\n",
get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GIDNUMBER)));
TALLOC_FREE(ctx);
return false;
}
DEBUG(2, ("init_group_from_ldap: Entry found for group: %s\n", temp));
Which from my understanding means, find a gidNumber, which it is doing,
it is returning '20000'.
You also have this line in your smb.conf:
idmap config * : range = 30000-40000
'20000' is less than '30000'
I think Samba is ignoring your groups.
Rowland
More information about the samba
mailing list