Rowland penny
2020-May-02 18:42 UTC
[Samba] default backend = rid not showing full group information for users
On 02/05/2020 19:28, Jelle de Jong via samba wrote:> root at s4ad01:~# samba-tool user show jdoeThere is no apparent reason why the groups do not work with chgrp, the only reason I can think of is that the group was created and when you tried to 'chgrp' the file, winbind read from its cache and it wasn't in the cache. Try running 'net cache flush' and then try 'chgrp' again. Rowland
Jelle de Jong
2020-May-02 19:36 UTC
[Samba] default backend = rid not showing full group information for users
On 2020-05-02 20:42, Rowland penny via samba wrote:> On 02/05/2020 19:28, Jelle de Jong via samba wrote: >> root at s4ad01:~# samba-tool user show jdoe > > There is no apparent reason why the groups do not work with chgrp, the > only reason I can think of is that the group was created and when you > tried to 'chgrp' the file, winbind read from its cache and it wasn't in > the cache. Try running 'net cache flush' and then try 'chgrp' again.What should the "winbind expand groups" option be set to for a working setup? If I remove "winbind expand groups" there are no group members shown at all with the "getent group" command. root at s4ad01:~# net cache flush root at samba01:~# net cache flush root at samba01:~# wbinfo --group-info=development development:x:11111:jdoe root at samba01:~# wbinfo --group-info=office office:x:11106:lgaga,jdoe jdoe at samba01:~$ id jdoe uid=11157(jdoe) gid=10513(domain users) groups=10513(domain users),11157(jdoe),3001(BUILTIN\users) jdoe at samba01:~$ chgrp "office" test.txt chgrp: changing group of 'test.txt': Operation not permitted jdoe at samba01:~$ samba-tool --version 4.9.5-Debian root at samba01:~# cat /etc/samba/smb.conf [global] workgroup = SAMDOM security = ADS realm = SAMDOM.POWERCRAFT.NL winbind refresh tickets = Yes vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab winbind use default domain = yes load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes username map = /usr/local/samba/etc/user.map log file = /var/log/samba/%m.log log level = 1 idmap config * : backend = tdb idmap config * : range = 3000-7999 idmap config SAMDOM:backend = rid # idmap config SAMDOM:schema_mode = rfc2307 idmap config SAMDOM:range = 10000-999999 # idmap config SAMDOM:unix_nss_info = yes template shell = /bin/bash template homedir = /home/%U # idmap config SAMDOM:unix_primary_group = yes winbind enum users = yes winbind enum groups = yes winbind expand groups = 1 Is this a samba bug then in version 4.9.5-Debian? Jelle de Jong
Rowland penny
2020-May-02 19:49 UTC
[Samba] default backend = rid not showing full group information for users
On 02/05/2020 20:36, Jelle de Jong via samba wrote:> On 2020-05-02 20:42, Rowland penny via samba wrote: >> On 02/05/2020 19:28, Jelle de Jong via samba wrote: >>> root at s4ad01:~# samba-tool user show jdoe >> >> There is no apparent reason why the groups do not work with chgrp, >> the only reason I can think of is that the group was created and when >> you tried to 'chgrp' the file, winbind read from its cache and it >> wasn't in the cache. Try running 'net cache flush' and then try >> 'chgrp' again. > > What should the "winbind expand groups" option be set to for a working > setup? If I remove "winbind expand groups" there are no group members > shown at all with the "getent group" command.That is because? the default 'winbind expand groups = 0' means that winbind doesn't query for groups, try with '2' instead. Rowland
Possibly Parallel Threads
- default backend = rid not showing full group information for users
- default backend = rid not showing full group information for users
- default backend = rid not showing full group information for users
- default backend = rid not showing full group information for users
- default backend = rid not showing full group information for users