Howdy! I'm setting up a domain controller, and things are going wonderfully, but I'm running into a strange problem, only some groups will display using the `samba-tool group show` command. <snip> root at vorador:~# samba-tool group addmembers videos dkowis Added members to group videos root at vorador:~# samba-tool group list | grep videos videos root at vorador:~# samba-tool group show videos ERROR: Unable to find group "videos" root at vorador:~# samba-tool user show dkowis | grep videos memberOf: CN=videos,CN=Users,DC=dark,DC=kow,DC=is </snip> The group exists, I can add members to it, and those users show this membership. I can only "show" some groups: <snip> root at vorador:~# samba-tool group list | egrep "Administrators|Domain Users" Administrators Domain Users root at vorador:~# samba-tool group show "Administrators" ERROR: Unable to find group "Administrators" root at vorador:~# samba-tool group show "Domain Users" dn: CN=Domain Users,CN=Users,DC=dark,DC=kow,DC=is objectClass: top objectClass: group cn: Domain Users description: All domain users </snip> I'm hoping someone here can help me understand why some groups show up using show, and some do not. I'd really like to be able to see the group details, especially for the "videos" group, as it'll have GID and Unix details. Thanks!
On 31/03/2020 22:48, David Kowis via samba wrote:> Howdy! > > I'm setting up a domain controller, and things are going wonderfully, > but I'm running into a strange problem, only some groups will display > using the `samba-tool group show` command. > > <snip> > root at vorador:~# samba-tool group addmembers videos dkowis > Added members to group videos > root at vorador:~# samba-tool group list | grep videos > videos > root at vorador:~# samba-tool group show videos > ERROR: Unable to find group "videos" > root at vorador:~# samba-tool user show dkowis | grep videos > memberOf: CN=videos,CN=Users,DC=dark,DC=kow,DC=is > </snip> > > The group exists, I can add members to it, and those users show this > membership. > > I can only "show" some groups: > > <snip> > root at vorador:~# samba-tool group list | egrep "Administrators|Domain > Users" > Administrators > Domain Users > root at vorador:~# samba-tool group show "Administrators" > ERROR: Unable to find group "Administrators" > root at vorador:~# samba-tool group show "Domain Users" > dn: CN=Domain Users,CN=Users,DC=dark,DC=kow,DC=is > objectClass: top > objectClass: group > cn: Domain Users > description: All domain users > </snip> > > I'm hoping someone here can help me understand why some groups show up > using show, and some do not. > I'd really like to be able to see the group details, especially for > the "videos" group, as it'll have GID and Unix details. > > Thanks! >Strange, what version of Samba is this ? Rowland
On 01/04/2020 08:23, Rowland penny via samba wrote:> On 31/03/2020 22:48, David Kowis via samba wrote: >> Howdy! >> >> I'm setting up a domain controller, and things are going wonderfully, >> but I'm running into a strange problem, only some groups will display >> using the `samba-tool group show` command. >> >> <snip> >> root at vorador:~# samba-tool group addmembers videos dkowis >> Added members to group videos >> root at vorador:~# samba-tool group list | grep videos >> videos >> root at vorador:~# samba-tool group show videos >> ERROR: Unable to find group "videos" >> root at vorador:~# samba-tool user show dkowis | grep videos >> memberOf: CN=videos,CN=Users,DC=dark,DC=kow,DC=is >> </snip> >> >> The group exists, I can add members to it, and those users show this >> membership. >> >> I can only "show" some groups: >> >> <snip> >> root at vorador:~# samba-tool group list | egrep "Administrators|Domain >> Users" >> Administrators >> Domain Users >> root at vorador:~# samba-tool group show "Administrators" >> ERROR: Unable to find group "Administrators" >> root at vorador:~# samba-tool group show "Domain Users" >> dn: CN=Domain Users,CN=Users,DC=dark,DC=kow,DC=is >> objectClass: top >> objectClass: group >> cn: Domain Users >> description: All domain users >> </snip> >> >> I'm hoping someone here can help me understand why some groups show >> up using show, and some do not. >> I'd really like to be able to see the group details, especially for >> the "videos" group, as it'll have GID and Unix details. >> >> Thanks! >> > Strange, what version of Samba is this ? > > Rowland > > >No, it isn't strange, it appears (in my opinion) to be using the wrong search filter :-( it uses this filter: ??????? filter = ("(&(sAMAccountType=%d)(sAMAccountName=%s))" % ????????????????? (ATYPE_SECURITY_GLOBAL_GROUP, ?????????????????? ldb.binary_encode(groupname))) I think it should just be this: ??????? filter = ("(&(objectCategory=group)(sAMAccountName=%s))" % ?????????????????? ldb.binary_encode(groupname))) The first targets a specific type of group, mine targets all groups. Rowland