Web lists-archives.com

Re: [Samba] Odd behavior on group membership




On Tue, 27 Nov 2018 16:39:41 -0200
Marcio Vogel Merlone dos Santos via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hi,
> 
> I have a samba 4.7 AD DC running on a Ubuntu 18.04 server with distro 
> packages. I update a user with a new group and this new membership is 
> not reflected on that user. On example below, I can successfully add
> the user "test.account" to group "test", but not my user
> "marcio.merlone":
> 
> root@araucaria:~# id test.account
> uid=30214(A1\test.account) gid=100(users) 
> groups=100(users),3000008(BUILTIN\users)
> root@araucaria:~# samba-tool group addmembers test test.account
> Added members to group test
> root@araucaria:~# id test.account
> uid=30214(A1\test.account) gid=100(users) 
> groups=100(users),3000203(A1\test),3000008(BUILTIN\users)
> 
> User test.account was added successfully to group test. Although:
> 
> root@araucaria:~# samba-tool group addmembers test marcio.merlone
> Added members to group test
> root@araucaria:~# id marcio.merlone
> uid=1014(A1\marcio.merlone) gid=100(users) 
> groups=100(users),512(A1\domain 
> admins),3000008(BUILTIN\users),10012(BUILTIN\administrators)
> root@araucaria:~#
> 
> Group "test" does not show up. Also tried changing groups using ADUC
> and LDAP Account Manager, no diff.
> 
> Those tests where made on DC for debugging purposes, but I need this 
> membership change reflected on a member server running squid proxy. 
> Tracked down to DC not working as expected also. Same happens when 
> removing a group membership.
> 
> Already tried net cache flush, winbind + smbd + nmbd restart,
> removing tdb files from /var/lib, no luck.
> 
> Any thoughts?
> 

Is this on a Unix domain member ?

gid=100(users) shows that this is probably on a DC and 'Domain Users'
doesn't have a gidNumber (unless it is set to '100')

10012(BUILTIN\administrators) shows that 'administrators' does have a
gidNumber

'winbind + smbd + nmbd restart' would suggest it is a Unix domain member

Please post the smb.conf file(s)

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba