Web lists-archives.com

[Samba] id <username> - doesnt list all groups




Hello,

my enviroment:

All Servers are Ubuntun 16.04-18.04

SAMBA AD DC Server and several SAMABA DOMAIN MEMBER (connected via WINBIND). In ADDC I've created a group "restrictaccess" and added some users.

Now when im typing "id <username>" on a Domain Member, for some users the group "restrictaccess" are listed for some not!

For example:

ON DC:

# samba-tool group listmembers restrictaccess

user1
user2

ON Domain Member:

# id user1

uid=10065(user1) gid=10036(domain users) Gruppen=10036(domain users),3001(BUILTIN\users)

# id user2

uid=20578(user2) gid=10036(domain users) Gruppen=10036(domain users),*10153(**restrictaccess**)*,3001(BUILTIN\users)

smb.conf on Domain Member:

[global]
 security = ads
 realm = rootrudi.de
 workgroup = ROOTRUDI
 idmap config *: backend = tdb
 idmap config *: range = 3000-7999
 idmap config rootrudi:backend = ad
 idmap config rootrudi:range = 10000-999999
 idmap config rootrudi:schema_mode = rfc2307
 idmap config rootrudi:unix_nss_info = no
 template shell = /bin/bash
 template homedir = /home/%U
 domain master = No
 local master = No
 preferred master = No
 os level = 0
 restrict anonymous = 2
 winbind cache time = 10
 winbind enum groups = Yes
 winbind enum users = Yes
 winbind use default domain = Yes
 map acl inherit = Yes
 store dos attributes = Yes
 vfs objects = acl_xattr

What happened?

Best regards

Micha

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba