
Re: [Samba] id <username> - doesn't list all groups




On Tue, 7 Aug 2018 12:20:04 +0200
Micha Ballmann via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hello,
> 
> my environment:
> 
> All Servers are Ubuntu 16.04-18.04
> 
> SAMBA AD DC Server and several SAMBA DOMAIN MEMBERS (connected via 
> WINBIND). In ADDC I've created a group "restrictaccess" and added
> some users.
> 
> Now when I'm typing "id <username>" on a Domain Member, for some users 
> the group "restrictaccess" is listed, for some not!
> 
> For example:
> 
> ON DC:
> 
> # samba-tool group listmembers restrictaccess
> 
> user1
> user2
> 
> ON Domain Member:
> 
> # id user1
> 
> uid=10065(user1) gid=10036(domain users) Gruppen=10036(domain 
> users),3001(BUILTIN\users)
> 
> # id user2
> 
> uid=20578(user2) gid=10036(domain users) Gruppen=10036(domain 
> users),*10153(**restrictaccess**)*,3001(BUILTIN\users)
> 
> smb.conf on Domain Member:
> 
> [global]
>   security = ads
>   realm = rootrudi.de
>   workgroup = ROOTRUDI
>   idmap config *: backend = tdb
>   idmap config *: range = 3000-7999
>   idmap config rootrudi:backend = ad
>   idmap config rootrudi:range = 10000-999999
>   idmap config rootrudi:schema_mode = rfc2307
>   idmap config rootrudi:unix_nss_info = no
>   template shell = /bin/bash
>   template homedir = /home/%U
>   domain master = No
>   local master = No
>   preferred master = No
>   os level = 0
>   restrict anonymous = 2
>   winbind cache time = 10
>   winbind enum groups = Yes
>   winbind enum users = Yes
>   winbind use default domain = Yes
>   map acl inherit = Yes
>   store dos attributes = Yes
>   vfs objects = acl_xattr
> 
> What happened?
> 

Nothing, it is just that the user will not be logged in. This is from a
Unix domain member that the user 'emily' isn't logged into:

id emily
uid=10001(emily) gid=10000(domain users) groups=10000(domain users),2001(BUILTIN\users)

And from one where she is:

id emily
uid=10001(emily) gid=10000(domain_users) groups=10000(domain_users),10002(unixgroup),10010(group12),2001(BUILTIN\users)

Rowland
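
The comparison made in this thread, as an added example that is not part of the original messages: a small POSIX shell check that parses `id` output on a domain member and reports which users do not show a given group. The function names are hypothetical, and the sample lines are the `id` output quoted above with the mail line wraps and emphasis asterisks removed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Sample input: the two `id` lines quoted in the thread, unwrapped.
SAMPLE_ID_OUTPUT='uid=10065(user1) gid=10036(domain users) Gruppen=10036(domain users),3001(BUILTIN\users)
uid=20578(user2) gid=10036(domain users) Gruppen=10036(domain users),10153(restrictaccess),3001(BUILTIN\users)'

# Print the user name from the uid field of one `id` line.
id_user() {
    printf '%s\n' "$1" | sed -e 's/^uid=[0-9]*(\([^)]*\)).*$/\1/'
}

# Print one group name per line. Everything after the last '=' is the
# group list, so the label may be localized ("groups=", "Gruppen=").
# Names containing spaces or backslashes are kept intact.
id_groups() {
    printf '%s\n' "$1" |
        sed -e 's/^.*=//' |
        tr ',' '\n' |
        sed -e 's/^[0-9]*(\(.*\))$/\1/'
}

# Succeed if group $2 appears in `id` line $1 (exact, literal match).
has_group() {
    id_groups "$1" | grep -Fqx -- "$2"
}

# Print each user from the `id` lines in $2 that does not show group $1.
members_missing_group() {
    printf '%s\n' "$2" | while IFS= read -r line; do
        [ -n "$line" ] || continue
        has_group "$line" "$1" || id_user "$line"
    done
}

# On a live member, feed it real output instead of the sample, e.g.
#   members_missing_group restrictaccess "$(id user1; id user2)"
echo "not showing restrictaccess:"
members_missing_group restrictaccess "$SAMPLE_ID_OUTPUT"
```

The user list to check would come from `samba-tool group listmembers restrictaccess` on the DC, as shown in the original question.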

