samba-users September 2011 archive
Main Archive Page > Month Archives  > samba-users archives
samba-users: Re: [Samba] getent group not listing domain groups

Re: [Samba] getent group not listing domain groups / wbinfo -r not working

From: Ľubomír Brindza <lubomir.brindza_at_nospam>
Date: Wed Sep 21 2011 - 14:29:50 GMT
To: samba@lists.samba.org

Update. Ugly hacks abound, be warned.

> As far as I can tell, nsswitch.conf is also configured properly, since
> `getent passwd` dumps local users, waits about .2 seconds, and dumps
> domain users:
>> sasa.sokolova:*:10283:10001:Sasa
>> Sokolova:/home/LIONSK/sasa.sokolova:/bin/false
>> adam.szabados:*:10284:10001:Adam
>> Szabados:/home/LIONSK/adam.szabados:/bin/false
> (All domain users are members of group '10001', is this normal?)
As I've found out, the `getent passwd` lists users and their *primary*
AD group, which is 'Domain Users' by default. After changing the user's
primary group (and restarting the whole server, unsure how often wbinfo
refreshes its data), `getent passwd` shows users along with their new
primary group (the one I'm actually looking for).

Please note that at my organization, there is very little to no overlap
between different AD groups, so this ugly ha^H^H^H fix may not
necessarily work out for you. I'm using 'plain' AD -> UID/GID identity
mapping, and you might want to use idmap_rid backend.

Since `wbinfo -r <user>` still fails however, I've resorted to altering
the wbinfo_group.pl script shipped with squid (it's used to check
whether a user belongs to a group). Patch attached; don't laugh :>

I understand that this could result in a large performance hit (among
other things), but so far it's working as intended.

Please don't hesitate to point out the flaws.

-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba