On Mon, 25 Sep 2017 16:54:24 +0200 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:

> On 2017-09-25 at 16:48, L.P.H. van Belle via samba wrote:
> > Arg..
> >
> > wbinfo --gid-info=100
> > DC: Confirmed, DOMAIN\Domain Users
> >
> > Member: Fail.
> > failed to call wbcGetgrgid: WBC_ERR_DOMAIN_NOT_FOUND
> > Could not get info for gid 100
> >
> > But both servers show the same with:
> > wbinfo -n "NTDOM\domain users"
> >
> > So imho, report bug if Rowland can confirm this with a samba from
> > source.
>
> Same here on DM:
>
> # wbinfo --gid-info=100
> failed to call wbcGetgrgid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for gid 100
>
> # wbinfo -n "ARBEITSGRUPPE\Domain Users"
> S-1-5-21-2777655458-4002997014-749295002-513 SID_DOM_GROUP (2)
>
> DC:
>
> # wbinfo --gid-info=100
> ARBEITSGRUPPE\domain users:x:100:
>
> # wbinfo -n "ARBEITSGRUPPE\Domain Users"
> S-1-5-21-2777655458-4002997014-749295002-513 SID_DOM_GROUP (2)
>

How many times do I have to say this, 'wbinfo' connects directly to AD.
To show that your users & groups are known to Unix, you MUST use 'getent'

Rowland
On 2017-09-25 at 17:04, Rowland Penny via samba wrote:

> How many times do I have to say this, 'wbinfo' connects directly to AD.
> To show that your users & groups are known to Unix, you MUST use
> 'getent'

I am sorry.

So you want me to do:

DC # getent group "domain users"
ARBEITSGRUPPE\domain users:x:100:

DM # getent group "domain users"
domain users:x:10513

?
On Mon, 25 Sep 2017 17:10:57 +0200 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:

> On 2017-09-25 at 17:04, Rowland Penny via samba wrote:
>
> > How many times do I have to say this, 'wbinfo' connects directly to
> > AD. To show that your users & groups are known to Unix, you MUST use
> > 'getent'
>
> I am sorry.
>
> So you want me to do:
>

This is strange.

> DC # getent group "domain users"
> ARBEITSGRUPPE\domain users:x:100:

If I turn off winbind in /etc/nsswitch and run 'getent group "Domain Users"' I get nothing returned, even though there is this in idmap.ldb

dn: CN=S-1-5-21-1768301897-3342589593-1064908849-513
cn: S-1-5-21-1768301897-3342589593-1064908849-513
objectClass: sidMap
objectSid: S-1-5-21-1768301897-3342589593-1064908849-513
type: ID_TYPE_GID
xidNumber: 100
distinguishedName: CN=S-1-5-21-1768301897-3342589593-1064908849-513

>
> DM # getent group "domain users"
> domain users:x:10513

Whereas with winbind in /etc/nsswitch.conf on both machines, I get the same result.

I always set up libnss-winbind on DCs and use the 'ad' backend on Unix domain members. So, I cannot remember if this is how a DC works if you don't set up PAM and libnss_winbind on a DC, but I don't think it is.

Rowland
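The DC/member difference shown in this thread (gid 100 on the DC, 10513 on the member) can be checked mechanically. The following is an added example, not part of any poster's message: it parses `getent group` output captured from two hosts and reports groups whose GID differs. The function names are hypothetical, and the sample captures reuse the two lines quoted above plus one constructed line.

```python
"""Compare `getent group` output captured on two hosts and flag GID drift."""

# Captures as they would be saved from `getent group ...` on each host.
# The "domain users" lines are the ones quoted in the thread; the
# "domain admins" line is constructed for illustration.
DC_OUTPUT = r"""
ARBEITSGRUPPE\domain users:x:100:
ARBEITSGRUPPE\domain admins:x:3000008:
"""
DM_OUTPUT = r"""
domain users:x:10513
"""


def parse_getent_group(text):
    """Map normalised group name -> (gid, name as printed) from getent lines."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        # A group record is name:passwd:gid[:members]; skip anything else.
        if len(fields) < 3 or not fields[2].isdigit():
            continue
        name = fields[0]
        # Drop a DOMAIN\ prefix and fold case so both hosts' spellings match.
        key = name.rsplit("\\", 1)[-1].casefold()
        groups[key] = (int(fields[2]), name)
    return groups


def gid_mismatches(first, second):
    """Return sorted (group, gid_first, gid_second) where the GIDs differ."""
    a, b = parse_getent_group(first), parse_getent_group(second)
    return sorted((k, a[k][0], b[k][0])
                  for k in a.keys() & b.keys() if a[k][0] != b[k][0])


def only_on_first(first, second):
    """Return sorted group names resolved on the first host but not the second."""
    a, b = parse_getent_group(first), parse_getent_group(second)
    return sorted(a.keys() - b.keys())


if __name__ == "__main__":
    for group, gid_dc, gid_dm in gid_mismatches(DC_OUTPUT, DM_OUTPUT):
        print(f"GID mismatch for '{group}': DC={gid_dc} member={gid_dm}")
    for group in only_on_first(DC_OUTPUT, DM_OUTPUT):
        print(f"'{group}' resolved on DC only")
```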