This test also needs the info on.. which backend? .. And, did you login/logout again after adding the user. Just like in windows, after you authenticated and being added to a group, you need to logout/login again to get it activated. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland penny via samba > Verzonden: donderdag 24 september 2020 12:51 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Adding user to group doesn't propagate? > > On 24/09/2020 09:19, Harald Hannelius via samba wrote: > > I tried to file a bug report on this, but Bj?rn Jacke > didn't see a bug > > here and suggested I should contact commercial support for > Samba instead. > > This morning I investigated this and yes, if you if you add a > user to a > group and run 'id username' on a Unix domain member, the new group is > not shown. Interestingly it does appear to work on a DC. > > I did find that running 'wbinfo -a username' does appear to > make the new > group show up in the output from 'id username' > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
On 24/09/2020 12:30, L.P.H. van Belle via samba wrote:> This test also needs the info on.. which backend? ..I was using the 'ad' backend, but I think this doesn't make any difference> > And, did you login/logout again after adding the user.No, I didn't, but the only way I could get the user to show up as a member of the group was to run 'wbinfo -a username' which amounts to re-authenticating.> Just like in windows, after you authenticated and being added to a group, you need to logout/login again to get it activated.That is the piece of information I struggled to find and if that is the case, then I feel that Samba is working in the same way as Windows. Rowland
> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland penny via samba > Verzonden: donderdag 24 september 2020 13:57 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Adding user to group doesn't propagate? > > On 24/09/2020 12:30, L.P.H. van Belle via samba wrote: > > This test also needs the info on.. which backend? .. > I was using the 'ad' backend, but I think this doesn't make > any differenceWell, there is a small differenct in the result of the order of working.. Ad backend, must be. - create group, add GID. - adduser to group. - setup rights (add the groups as acl to filesystem/folder/file) Only now you will see the folder with the new group on it. Rid backend can be, - create group - setup rights Now you will see the folder with the new group on it. - adduser> > > > And, did you login/logout again after adding the user. > No, I didn't, but the only way I could get the user to show up as a > member of the group was to run 'wbinfo -a username' which amounts to > re-authenticating.Aah, thats same as logout/login ;-)> > Just like in windows, after you authenticated and being > added to a group, you need to logout/login again to get it activated. > > That is the piece of information I struggled to find and if > that is the > case, then I feel that Samba is working in the same way as Windows.Well, there are still the options to try.. gpasswd for immediate change: gpasswd -a someuser somegroup exec su -l $USER newgrp groupname sg group Greetz, Louis
On Thu, 24 Sep 2020, Rowland penny via samba wrote:> On 24/09/2020 12:30, L.P.H. van Belle via samba wrote: >> This test also needs the info on.. which backend? .. > I was using the 'ad' backend, but I think this doesn't make any difference >> >> And, did you login/logout again after adding the user. > No, I didn't, but the only way I could get the user to show up as a member of > the group was to run 'wbinfo -a username' which amounts to re-authenticating. >> Just like in windows, after you authenticated and being added to a group, >> you need to logout/login again to get it activated. > > That is the piece of information I struggled to find and if that is the case, > then I feel that Samba is working in the same way as Windows.This is how Unix and Linux groups works too. One have to log out and in again in order to get the new group membership show up for the user. But when someone else looks at the group with e.g. 'getent group it' the user is listed immediately (bar nscd and so on), even while the user is still logged on. So the group membership in Samba isn't updated on the member server until the user logs out and in again? I have tried restarting the server processes on the member server, and this doesn't change it. I could live with the user not being a member of the group until they log out and in again but I think it's kind of funny that the group membership doesn't show up with e.g. 'groups username' on one member server but it does on another. -- Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020