Rowland Penny
2025-Jan-21 20:20 UTC
[Samba] differences between 'getent group GROUP1' and 'sudo samba-tool group listmembers GROUP1'
On Tue, 21 Jan 2025 21:10:31 +0100 PaLi via samba <samba at lists.samba.org> wrote:> Hello > > Thank for suggestion to config fixes. Back to my original question. > > Is it possible make > > getent group > > working on Samba 4 DCYes, but why ? It isn't required for Samba to work, use 'getent group GROUPNAME' instead.> to return list of group members to every group line, as it does for > group in /etc/group ? > > I know that I cat get this under root account by? > samba-tool group listmembers > > But how to get members of group under non-root account? > > > Second part of question. I've read somewhre it is better way to join > linux clients to Samba 4 domain by sssd (than by winbind) and then > getent group > could work correctly. Is it true?Do not ask me about sssd, I do not use it and do not see the point of it with Samba when you also have to use winbind. sssd is a clone of winbind.> > But it cannot be case on Samba DC, right?? > I can't join DC to itself by sssd, right? > Then how to do it?You don't. Why the fixation with 'getent group' ? Rowland
pavel.lisy at gmail.com
2025-Jan-21 20:49 UTC
[Samba] differences between 'getent group GROUP1' and 'sudo samba-tool group listmembers GROUP1'
On Tue, 2025-01-21 at 20:20 +0000, Rowland Penny via samba wrote:> On Tue, 21 Jan 2025 21:10:31 +0100 > PaLi via samba <samba at lists.samba.org> wrote: > > > Hello > > > > Thank for suggestion to config fixes. Back to my original question. > > > > Is it possible make > > > > getent group > > > > working on Samba 4 DC > > Yes, but why ? > It isn't required for Samba to work, use 'getent group GROUPNAME' > instead.I don't know if my question was clear enough.? Real example could be better explanation. real OUTPUT of samba-tool --- $ sudo samba-tool group listmembers 'domain users' dns-dc21 Administrator pali luno peli misi krbtgt dhcpduser masi dns-DC22 real OUTPUT of getent group --- $ sudo getent group 'domain users' OFFICE\domain users:x:2000: My problem is that both tools return different result.? (getent group -- shows no members) Do you aggree that it is not correct behaviour? Other example -- real situation I will log to DC (or other linux machine joined to Samba 4) through ssh (terminal session) as non privileged user. I want to get list of members for group 'Domain Users'. How can I do it without getent group working? Pavel> > to return list of group members to every group line, as it does for > > group in /etc/group ? > > > > I know that I cat get this under root account by? > > samba-tool group listmembers > > > > But how to get members of group under non-root account? > > > > > > Second part of question. I've read somewhre it is better way to > > join > > linux clients to Samba 4 domain by sssd (than by winbind) and then > > getent group > > could work correctly. Is it true? > > Do not ask me about sssd, I do not use it and do not see the point of > it with Samba when you also have to use winbind. sssd is a clone of > winbind. > > > > > But it cannot be case on Samba DC, right?? > > I can't join DC to itself by sssd, right? > > Then how to do it? > > You don't. > Why the fixation with 'getent group' ? > > Rowland >
Apparently Analagous Threads
- differences between 'getent group GROUP1' and 'sudo samba-tool group listmembers GROUP1'
- differences between 'getent group GROUP1' and 'sudo samba-tool group listmembers GROUP1'
- differences between 'getent group GROUP1' and 'sudo samba-tool group listmembers GROUP1'
- differences between 'getent group GROUP1' and 'sudo samba-tool group listmembers GROUP1'
- [PATCH 0/7] Fixes for lib-mail message-address