On 02/02/2021 15:16, Piviul via samba wrote:> Il 02/02/21 11:26, Rowland penny via samba ha scritto:
>> [...]
>> What, apart from still using Samba 4.5.16 ?
>
> debian; I have the same strange behaviour in stretch (oldstable) and
> in bullseye (testing), I don't known in buster (stable) but I can try.
> oldoldstable seems to work correctly
>
>
>> I do not know, if you are going to post a part of the smb.conf, post
>> the entire smb.conf
> # Global parameters
> [global]
> ??? lock directory = /var/cache/samba/
> ??? log file = /var/log/samba/log.%m
> ??? logging = file
> ??? map to guest = Bad User
> ??? max log size = 1000
> ??? obey pam restrictions = Yes
> ??? pam password change = Yes
> ??? panic action = /usr/share/samba/panic-action %d
> ??? realm = AD.CSARICERCHE.COM
> ??? security = ADS
> ??? server string = %h server (Samba, Ubuntu)
> ??? template shell = /bin/bash
> ??? usershare allow guests = Yes
> ??? winbind offline logon = Yes
> ??? winbind refresh tickets = Yes
> ??? wins server = 192.168.64.2
> ??? workgroup = DOMINIOCSA
> ??? idmap config dominiocsa : range = 10000-24999
> ??? idmap config dominiocsa : backend = rid
> ??? idmap config * : range = 3000-9999
> ??? idmap config * : backend = tdb
>
>
> [test]
> ??? browseable = No
> ??? comment = test force group directive
> ??? force group = "@DOMINIOCSA\Domain Users"
> ??? path = /home/test_share
> ??? write list = "@DOMINIOCSA\Domain Users"
There doesn't seem to be anything wrong with that smb.conf except for
the 'wins server' line, you don't use wins with Samba
AD.>
>
> Furthermore I don't know if it's normal but getent group or wbinfo
> --group-info doesn't show member users but if I set winbind expand
> groups to 1 the getent group and wbinfo --group-info shows correctly
> the member users.
You need to fix that, 'getent passwd username' & 'getent group
groupname' must produce output.
Also, as 'Domain Users' is the default primary group for domain users,
you don't really need the 'force group' line.
Rowland