Jelle de Jong
2020-May-01 00:00 UTC
[Samba] default backend = rid not showing full group information for users
Hello everybody, I am trying to use the backend = rid but it is not showing me group information of the users after adding the user to the domain groups... What should I do to have the full group info for the users available? https://wiki.samba.org/index.php/Idmap_config_rid # All domain's user accounts and groups are automatically available on the domain member. root at s4ad01:~# samba-tool group listmembers "office" ldb_wrap open of secrets.ldb lgaga jdoe root at samba01:~# wbinfo --group-info=office office:x:11106:jdoe,lgaga oot at samba01:~# id jdoe uid=11157(jdoe) gid=10513(domain users) groups=10513(domain users),11157(jdoe),3001(BUILTIN\users) root at samba01:~# id lgaga uid=11155(lgaga) gid=10513(domain users) groups=10513(domain users),11155(lgaga),3001(BUILTIN\users) root at samba01:~# cat /etc/samba/smb.conf [global] workgroup = SAMDOM security = ADS realm = SAMDOM.POWERCRAFT.NL winbind refresh tickets = Yes vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab winbind use default domain = yes load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes username map = /usr/local/samba/etc/user.map log file = /var/log/samba/%m.log log level = 1 idmap config * : backend = tdb idmap config * : range = 3000-7999 idmap config SAMDOM:backend = rid # idmap config SAMDOM:schema_mode = rfc2307 idmap config SAMDOM:range = 10000-999999 # idmap config SAMDOM:unix_nss_info = yes template shell = /bin/bash template homedir = /home/%U # idmap config SAMDOM:unix_primary_group = yes winbind enum users = yes winbind enum groups = yes # winbind expand groups = 1
miguel medalha
2020-May-01 00:12 UTC
[Samba] default backend = rid not showing full group information for users
> I am trying to use the backend = rid but it is not showing me group > information of the users after adding the user to the domain groups...> root at samba01:~# id jdoe > root at samba01:~# id lgagaWhat are your entries for 'passwd' and 'group' in '/etc/nsswitch.conf'? I suppose winbind should be there. In my case: passwd: files winbind group: files winbind
Jelle de Jong
2020-May-01 00:21 UTC
[Samba] default backend = rid not showing full group information for users
On 2020-05-01 02:12, miguel medalha wrote:>> I am trying to use the backend = rid but it is not showing me group >> information of the users after adding the user to the domain groups... > >> root at samba01:~# id jdoe >> root at samba01:~# id lgaga > > What are your entries for 'passwd' and 'group' in '/etc/nsswitch.conf'? I > suppose winbind should be there. In my case: > > passwd: files winbind > group: files winbindroot at samba01:~# cat /etc/nsswitch.conf | grep winbind passwd: files winbind group: files winbind
Jelle de Jong
2020-May-02 14:07 UTC
[Samba] default backend = rid not showing full group information for users
Am I wrong to expect that id user and getent group should list me the groups the user is part of. For example wbinfo --group-info=office shows me that user jdoe and lgaga are part of the group, but then when doing id jdoe or id lgaga the office group is not shown, neither in getent group. What should I change in my config to have full group information working? root at samba01:~# wbinfo --group-info=development development:x:11111:jdoe root at samba01:~# wbinfo --group-info=office office:x:11106:lgaga,jdoe root at samba01:~# getent passwd lgaga lgaga:*:11155:10513:Lady Gaga:/home/lgaga:/bin/bash root at samba01:~# getent passwd jdoe jdoe:*:11157:10513:John Doe:/home/jdoe:/bin/bash root at samba01:~# id jdoe uid=11157(jdoe) gid=10513(domain users) groups=10513(domain users),11157(jdoe),3001(BUILTIN\users) root at samba01:~# id lgaga uid=11155(lgaga) gid=10513(domain users) groups=10513(domain users),11155(lgaga),3001(BUILTIN\users) On 2020-05-01 02:00, Jelle de Jong via samba wrote:> Hello everybody, > > I am trying to use the backend = rid but it is not showing me group > information of the users after adding the user to the domain groups... > > What should I do to have the full group info for the users available? > > https://wiki.samba.org/index.php/Idmap_config_rid > # All domain's user accounts and groups are automatically available on > the domain member. > > root at s4ad01:~# samba-tool group listmembers "office" > ldb_wrap open of secrets.ldb > lgaga > jdoe > > root at samba01:~# wbinfo --group-info=office > office:x:11106:jdoe,lgaga > > oot at samba01:~# id jdoe > uid=11157(jdoe) gid=10513(domain users) groups=10513(domain > users),11157(jdoe),3001(BUILTIN\users) > > root at samba01:~# id lgaga > uid=11155(lgaga) gid=10513(domain users) groups=10513(domain > users),11155(lgaga),3001(BUILTIN\users) > > > root at samba01:~# cat /etc/samba/smb.conf > [global] > ?? workgroup = SAMDOM > ?? security = ADS > ?? realm = SAMDOM.POWERCRAFT.NL > > ?? winbind refresh tickets = Yes > ?? vfs objects = acl_xattr > ?? map acl inherit = Yes > ?? store dos attributes = Yes > > ?? dedicated keytab file = /etc/krb5.keytab > ?? kerberos method = secrets and keytab > > ?? winbind use default domain = yes > > ?? load printers = no > ?? printing = bsd > ?? printcap name = /dev/null > ?? disable spoolss = yes > > ?? username map = /usr/local/samba/etc/user.map > > ?? log file = /var/log/samba/%m.log > ?? log level = 1 > > ?? idmap config * : backend = tdb > ?? idmap config * : range = 3000-7999 > > ?? idmap config SAMDOM:backend = rid > #? idmap config SAMDOM:schema_mode = rfc2307 > ?? idmap config SAMDOM:range = 10000-999999 > #? idmap config SAMDOM:unix_nss_info = yes > > ?? template shell = /bin/bash > ?? template homedir = /home/%U > > #? idmap config SAMDOM:unix_primary_group = yes > > ?? winbind enum users = yes > ?? winbind enum groups = yes > #? winbind expand groups = 1 >
Rowland penny
2020-May-02 14:42 UTC
[Samba] default backend = rid not showing full group information for users
On 02/05/2020 15:07, Jelle de Jong via samba wrote:> Am I wrong to expect that id user and getent group should list me the > groups the user is part of. > > For example wbinfo --group-info=office shows me that user jdoe and > lgaga are part of the group, but then when doing id jdoe or id lgaga > the office group is not shown, neither in getent group. > > What should I change in my config to have full group information working? > > root at samba01:~# wbinfo --group-info=development > development:x:11111:jdoe > > root at samba01:~# wbinfo --group-info=office > office:x:11106:lgaga,jdoe > > root at samba01:~# getent passwd lgaga > lgaga:*:11155:10513:Lady Gaga:/home/lgaga:/bin/bash > > root at samba01:~# getent passwd jdoe > jdoe:*:11157:10513:John Doe:/home/jdoe:/bin/bash > > root at samba01:~# id jdoe > uid=11157(jdoe) gid=10513(domain users) groups=10513(domain > users),11157(jdoe),3001(BUILTIN\users) > > root at samba01:~# id lgaga > uid=11155(lgaga) gid=10513(domain users) groups=10513(domain > users),11155(lgaga),3001(BUILTIN\users) > > On 2020-05-01 02:00, Jelle de Jong via samba wrote: >> Hello everybody, >> >> I am trying to use the backend = rid but it is not showing me group >> information of the users after adding the user to the domain groups... >> >> What should I do to have the full group info for the users available?Get the user to login ;-)>> >> https://wiki.samba.org/index.php/Idmap_config_rid >> # All domain's user accounts and groups are automatically available >> on the domain member.That means that all user accounts will be shown by 'getent passwd' and all groups will be shown by 'getent group', it doesn't mean that 'id' will show every group a user is a member of. You can only be sure of getting a full list of a users groups if the user has logged in. Rowland
Stefan Kania
2020-May-03 10:39 UTC
[Samba] default backend = rid not showing full group information for users
Which Debian version do you use? Because in either version (0 oer 10) in nsswitch.conf is wirtten "files winbind" in Debian 9 it's "compat winbind" and in 10 it's "files systemd winbind" so you removed (I think) systemd maybe you should put it back in Am 01.05.20 um 02:12 schrieb miguel medalha via samba:>> I am trying to use the backend = rid but it is not showing me group >> information of the users after adding the user to the domain groups... > >> root at samba01:~# id jdoe >> root at samba01:~# id lgaga > > What are your entries for 'passwd' and 'group' in '/etc/nsswitch.conf'? I > suppose winbind should be there. In my case: > > passwd: files winbind > group: files winbind > > >