Short answer, yes.
You should/do get all the groups listed with ifmember /list but get
different results
with the Solaris nsswitch.conf than padl's nsswitch.conf. I have it
working, through
changing only this one library. There may of course have been problems
with my
ldap_client_file that didn't show up at the OS level but scuppered what
samba was asking
for. Didn't see any error messages though.
Cheers.
Duncan Brannen wrote:>
> Hi,
> When Samba is running as a PDC and a workstation is joined to the
> Domain, should the user
> logged into the workstation be able to see all the groups they are a
> member of using `ifmember /list`?
> Is the below output as expected? I'm I correct thinking that as all
> my groups originate
> in the Unix world, I don't need winbind to allow the Workstations to
> see them?
>
> For what it's worth, Solaris 10 (Sparc) Samba 3.2.1 and OpenLDAP,
> everything bar
> the Samba version should be irrelevant as it's hidden behind nsswitch
> and passdb backend?
>
> It's a clean OS / Ldap install with the smbldap tools used to populate
> the directory and create
> the user, then 'net rpc' used to create groups and add members.
>
> Thanks,
> Duncan
>
> -----
> On the PDC
> /usr/local/samba/bin/net rpc group members room11 -Uroot%password
> CROOMTEST\dunk
>
> /usr/local/samba/bin/net groupmap list
> Domain Admins (S-1-5-21-440367617-1876916578-3462541782-512) -> Domain
> Admins
> Domain Users (S-1-5-21-440367617-1876916578-3462541782-513) -> Domain
> Users
> Domain Guests (S-1-5-21-440367617-1876916578-3462541782-514) -> Domain
> Guests
> Domain Computers (S-1-5-21-440367617-1876916578-3462541782-515) ->
> Domain Computers
> Administrators (S-1-5-32-544) -> Administrators
> Account Operators (S-1-5-32-548) -> Account Operators
> Print Operators (S-1-5-32-550) -> Print Operators
> Backup Operators (S-1-5-32-551) -> Backup Operators
> Replicators (S-1-5-32-552) -> Replicators
> room11 (S-1-5-21-440367617-1876916578-3462541782-3003) -> room11
> room9 (S-1-5-21-440367617-1876916578-3462541782-3005) -> room9
>
> getent group
> ...
> room11::1001:dunk
>
> getent passwd
> ...
> dunk:x:1000:512:System User:/home/dunk:/bin/bash
>
> -----
> On the workstation
>
> net group /domain room11
>
> returns dunk as a member
>
> net group /domain
>
> returns a list of all the groups mapped on the pdc that start S-1-5-21-
>
> ifmember /list
>
> returns the primary group CROOMTEST\Domain Admins
> \Everyone
> BUILTIN\Administrators
> BUILTIN\Users
> \Local
> NT Authority\INTERACTIVE
> NT Authority\Authneticated Users
>
>
>
--
The University of St Andrews is a charity registered in Scotland : No SC013532