thr3ads.net - samba - [Samba] default backend = rid not showing full group information for users [May 2020]

If this information is useful, please help other people find it:
Share via:

Rowland penny

2020-May-02 18:20 UTC

[Samba] default backend = rid not showing full group information for users

On 02/05/2020 18:59, Jelle de Jong via samba wrote:> On 2020-05-02 16:42, Rowland penny via samba wrote:
>> On 02/05/2020 15:07, Jelle de Jong via samba wrote:
>>> Am I wrong to expect that id user and getent group should list me 
>>> the groups the user is part of.
>>>
>>> For example wbinfo --group-info=office shows me that user jdoe and 
>>> lgaga are part of the group, but then when doing id jdoe or id
lgaga
>>> the office group is not shown, neither in getent group.
>>>
>>> What should I change in my config to have full group information 
>>> working?
>>>
>>> root at samba01:~# wbinfo --group-info=development
>>> development:x:11111:jdoe
>>>
>>> root at samba01:~# wbinfo --group-info=office
>>> office:x:11106:lgaga,jdoe
>>>
>>> root at samba01:~# getent passwd lgaga
>>> lgaga:*:11155:10513:Lady Gaga:/home/lgaga:/bin/bash
>>>
>>> root at samba01:~# getent passwd jdoe
>>> jdoe:*:11157:10513:John Doe:/home/jdoe:/bin/bash
>>>
>>> root at samba01:~# id jdoe
>>> uid=11157(jdoe) gid=10513(domain users) groups=10513(domain 
>>> users),11157(jdoe),3001(BUILTIN\users)
>>>
>>> root at samba01:~# id lgaga
>>> uid=11155(lgaga) gid=10513(domain users) groups=10513(domain 
>>> users),11155(lgaga),3001(BUILTIN\users)
>>>
>>> On 2020-05-01 02:00, Jelle de Jong via samba wrote:
>>>> Hello everybody,
>>>>
>>>> I am trying to use the backend = rid but it is not showing me
group
>>>> information of the users after adding the user to the domain
groups...
>>>>
>>>> What should I do to have the full group info for the users
available?
>> Get the user to login ;-)
>>>>
>>>> https://wiki.samba.org/index.php/Idmap_config_rid
>>>> # All domain's user accounts and groups are automatically
available
>>>> on the domain member.
>>
>> That means that all user accounts will be shown by 'getent
passwd'
>> and all groups will be shown by 'getent group', it doesn't
mean that
>> 'id' will show every group a user is a member of. You can only
be
>> sure of getting a full list of a users groups if the user has logged
in.
>
> So I log in as user jdoe and I still do not have access to the group...:
>
> jdoe at samba01:~$ getent group | grep jdoe
> development:x:11111:jdoe
> office:x:11106:jdoe,lgaga
> domain users:x:10513:jdoe,lgaga,administrator,krbtgt
>
> jdoe at samba01:~$ id jdoe
> uid=11157(jdoe) gid=10513(domain users) groups=10513(domain 
> users),11157(jdoe),3001(BUILTIN\users)
>
> jdoe at samba01:~$ touch test.txt
> jdoe at samba01:~$ chgrp "domain users" test.txt #works!!
> jdoe at samba01:~$ chgrp office test.txt
> chgrp: changing group of 'test.txt': Operation not permitted
>
> Why are the group development and office not available for the users 
> part of this group?
>
> Kind regards,
>
> Jelle de Jong
>I think you should show us the AD objects for 'jdoe' &
'lgaga'

Rowland

Jelle de Jong

2020-May-02 18:28 UTC

head link

[Samba] default backend = rid not showing full group information for users

On 2020-05-02 20:20, Rowland penny via samba wrote:> On 02/05/2020 18:59, Jelle de Jong via samba wrote:
>> On 2020-05-02 16:42, Rowland penny via samba wrote:
>>> On 02/05/2020 15:07, Jelle de Jong via samba wrote:
>>>> Am I wrong to expect that id user and getent group should list
me
>>>> the groups the user is part of.
>>>>
>>>> For example wbinfo --group-info=office shows me that user jdoe
and
>>>> lgaga are part of the group, but then when doing id jdoe or id
lgaga
>>>> the office group is not shown, neither in getent group.
>>>>
>>>> What should I change in my config to have full group
information
>>>> working?
>>>>
>>>> root at samba01:~# wbinfo --group-info=development
>>>> development:x:11111:jdoe
>>>>
>>>> root at samba01:~# wbinfo --group-info=office
>>>> office:x:11106:lgaga,jdoe
>>>>
>>>> root at samba01:~# getent passwd lgaga
>>>> lgaga:*:11155:10513:Lady Gaga:/home/lgaga:/bin/bash
>>>>
>>>> root at samba01:~# getent passwd jdoe
>>>> jdoe:*:11157:10513:John Doe:/home/jdoe:/bin/bash
>>>>
>>>> root at samba01:~# id jdoe
>>>> uid=11157(jdoe) gid=10513(domain users) groups=10513(domain 
>>>> users),11157(jdoe),3001(BUILTIN\users)
>>>>
>>>> root at samba01:~# id lgaga
>>>> uid=11155(lgaga) gid=10513(domain users) groups=10513(domain 
>>>> users),11155(lgaga),3001(BUILTIN\users)
>>>>
>>>> On 2020-05-01 02:00, Jelle de Jong via samba wrote:
>>>>> Hello everybody,
>>>>>
>>>>> I am trying to use the backend = rid but it is not showing
me group
>>>>> information of the users after adding the user to the
domain groups...
>>>>>
>>>>> What should I do to have the full group info for the users
available?
>>> Get the user to login ;-)
>>>>>
>>>>> https://wiki.samba.org/index.php/Idmap_config_rid
>>>>> # All domain's user accounts and groups are
automatically available
>>>>> on the domain member.
>>>
>>> That means that all user accounts will be shown by 'getent
passwd'
>>> and all groups will be shown by 'getent group', it
doesn't mean that
>>> 'id' will show every group a user is a member of. You can
only be
>>> sure of getting a full list of a users groups if the user has
logged in.
>>
>> So I log in as user jdoe and I still do not have access to the
group...:
>>
>> jdoe at samba01:~$ getent group | grep jdoe
>> development:x:11111:jdoe
>> office:x:11106:jdoe,lgaga
>> domain users:x:10513:jdoe,lgaga,administrator,krbtgt
>>
>> jdoe at samba01:~$ id jdoe
>> uid=11157(jdoe) gid=10513(domain users) groups=10513(domain 
>> users),11157(jdoe),3001(BUILTIN\users)
>>
>> jdoe at samba01:~$ touch test.txt
>> jdoe at samba01:~$ chgrp "domain users" test.txt #works!!
>> jdoe at samba01:~$ chgrp office test.txt
>> chgrp: changing group of 'test.txt': Operation not permitted
>>
>> Why are the group development and office not available for the users 
>> part of this group?
>>
>> Kind regards,
>>
>> Jelle de Jong
>>
> I think you should show us the AD objects for 'jdoe' &
'lgaga'
root at s4ad01:~# samba-tool user show jdoe
ldb_wrap open of secrets.ldb
dn: CN=John Doe,CN=Users,DC=samdom,DC=powercraft,DC=nl
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: John Doe
givenName: John Doe
instanceType: 4
whenCreated: 20200430223428.0Z
displayName: John Doe
uSNCreated: 6013
name: John Doe
objectGUID: 39dd50a7-9759-4d94-b7d5-292b0b6685da
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
primaryGroupID: 513
objectSid: S-1-5-21-2973048184-1977035664-260764756-1157
accountExpires: 9223372036854775807
sAMAccountName: jdoe
sAMAccountType: 805306368
userPrincipalName: jdoe at samdom.powercraft.nl
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=samdom,DC=powercraft
  ,DC=nl
loginShell: /bin/bash
pwdLastSet: 132327596685766050
userAccountControl: 512
lastLogonTimestamp: 132327597082583380
homeDrive: H:
homeDirectory: \\SAMBA01\users\jdoe
whenChanged: 20200430231011.0Z
uSNChanged: 6020
memberOf: CN=office,CN=Users,DC=samdom,DC=powercraft,DC=nl
memberOf: CN=development,CN=Users,DC=samdom,DC=powercraft,DC=nl
lastLogon: 132329156295792050
logonCount: 12
distinguishedName: CN=John Doe,CN=Users,DC=samdom,DC=powercraft,DC=nl

root at s4ad01:~# samba-tool user show lgaga
ldb_wrap open of secrets.ldb
dn: CN=Lady Gaga,CN=Users,DC=samdom,DC=powercraft,DC=nl
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Lady Gaga
givenName: Lady Gaga
instanceType: 4
whenCreated: 20200430222112.0Z
displayName: Lady Gaga
uSNCreated: 6002
name: Lady Gaga
objectGUID: 6a86c792-c177-4797-a4fd-99c4379dab82
badPwdCount: 0
codePage: 0
countryCode: 0
homeDirectory: \\SAMBA01\users\lgaga
homeDrive: H
badPasswordTime: 0
lastLogoff: 0
primaryGroupID: 513
objectSid: S-1-5-21-2973048184-1977035664-260764756-1155
accountExpires: 9223372036854775807
sAMAccountName: lgaga
sAMAccountType: 805306368
userPrincipalName: lgaga at samdom.powercraft.nl
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=samdom,DC=powercraft
  ,DC=nl
loginShell: /bin/bash
pwdLastSet: 132327588724653300
userAccountControl: 512
lastLogonTimestamp: 132327588827098890
whenChanged: 20200430222122.0Z
uSNChanged: 6006
lastLogon: 132327592186315850
logonCount: 4
memberOf: CN=office,CN=Users,DC=samdom,DC=powercraft,DC=nl
distinguishedName: CN=Lady Gaga,CN=Users,DC=samdom,DC=powercraft,DC=nl


Jelle de Jong

Rowland penny

2020-May-02 18:42 UTC

head link

[Samba] default backend = rid not showing full group information for users

On 02/05/2020 19:28, Jelle de Jong via samba wrote:> root at s4ad01:~# samba-tool user show jdoe 
There is no apparent reason why the groups do not work with chgrp, the 
only reason I can think of is that the group was created and when you 
tried to 'chgrp' the file, winbind read from its cache and it wasn't
in
the cache. Try running 'net cache flush' and then try 'chgrp'
again.

Rowland

Seemingly Similar Threads

Search for more apparently analagous threads

samba - May 2020 - default backend = rid not showing full group information for users

[Samba] default backend = rid not showing full group information for users

[Samba] default backend = rid not showing full group information for users

[Samba] default backend = rid not showing full group information for users

Seemingly Similar Threads