Hi. FreeBSD 8.2 Samba 3.5.11 from ports I have an issue with group membership. id shows only small part of the groups a user is member of. I'm aware about UNIX max group issue, but this isn't related to it - for example for a user which is member of the 6 griups id shows only 3. Although wbinfo -r shows correct number of groups and wbinfo -G is able to successfully translate UNIX group to a domain SID. Can this be solved somehow ? I tried the 3.6.1 from ports, but using it's nss_winbind.so id only shows primary group for mapped users and none for system users existing in the domain. For example: [emz at witchdoctor:/var/db/samba]# id emz uid=1001(emz) gid=0(wheel) groups=0(wheel),20007(?????????????? ??????),20100(warez-rw),20248(internet users - panicbox),20413(internet users - samara),20456(internet users - crystal) [emz at witchdoctor:/var/db/samba]# wbinfo -r emz 20002 20459 20456 20100 20547 20413 20007 20248 20009 20692 20587 20695 20693 20694 20585 20652 20584 20621 20613 20649 20590 20654 20664 20657 20612 20586 20001 20000 [emz at witchdoctor:/var/db/samba]# wbinfo -r emz | xargs wbinfo -G S-1-5-21-3780126066-798514342-2262872178-513 [emz at witchdoctor:/var/db/samba]# wbinfo -G 20002 S-1-5-21-3780126066-798514342-2262872178-513 [emz at witchdoctor:/var/db/samba]# wbinfo -G 20459 S-1-5-21-3780126066-798514342-2262872178-17960 [emz at witchdoctor:/var/db/samba]# wbinfo -G 20456 S-1-5-21-3780126066-798514342-2262872178-17956 [emz at witchdoctor:/var/db/samba]# wbinfo -G 20100 S-1-5-21-3780126066-798514342-2262872178-11860 [emz at witchdoctor:/var/db/samba]# wbinfo -G 20547 S-1-5-21-3780126066-798514342-2262872178-20184 [emz at witchdoctor:/var/db/samba]# wbinfo -G 20413 S-1-5-21-3780126066-798514342-2262872178-17662 [emz at witchdoctor:/var/db/samba]# wbinfo -G 20007 S-1-5-21-3780126066-798514342-2262872178-512 [emz at witchdoctor:/var/db/samba]# wbinfo -G 20248 S-1-5-21-3780126066-798514342-2262872178-15792 [emz at witchdoctor:/var/db/samba]# wbinfo -G 20009 S-1-5-21-3780126066-798514342-2262872178-5934 [emz at witchdoctor:/var/db/samba]# wbinfo -G 20692 S-1-5-21-3780126066-798514342-2262872178-19463 [emz at witchdoctor:/var/db/samba]# wbinfo -G 20587 S-1-5-21-3780126066-798514342-2262872178-13813 [emz at witchdoctor:/var/db/samba]# wbinfo -G 20695 S-1-5-21-3780126066-798514342-2262872178-19466 Thanks. Eugene.
Hi. On 27.01.2012 14:48, Eugene M. Zheganin wrote:> Hi. > > FreeBSD 8.2 > Samba 3.5.11 from ports > > I have an issue with group membership. id shows only small part of the > groups a user is member of. I'm aware about UNIX max group issue, but > this isn't related to it - for example for a user which is member of > the 6 griups id shows only 3. Although wbinfo -r shows correct number > of groups and wbinfo -G is able to successfully translate UNIX group > to a domain SID. > >I was able to localize the problem a bit more. First of all, winbind doesn't recognize at all the Universal domain groups. Since I have only one domain, I simply changed all the universal group I'm interested in to global ones (still wonder who and why created all these groups as universal). But this solved only a part of the problem. I sill don't see all of the domain groups in 'id' output for the user. I compared the 'wbinfo -g' output and the 'getent group' output. In the 'getent group' some groups are missing ! These are the same groups that are missing from 'id user'. So.... any ideas ? Thanks. Eugene.