Web lists-archives.com

[Samba] SOLVED (kind of) Re: Odd behavior on group membership




So,

My problem started on squid not seeing group changes "on the fly". The link Rowland provided says the user must authenticate to winbind see the new groups, so my workaround was to query ldap directly and bypass winbind, or in other words, use ext_ldap_group_acl instead of ext_wbinfo_group_acl.

Best regards.

Em 28/11/2018 11:32, Rowland Penny escreveu:
On Wed, 28 Nov 2018 10:12:39 -0200
Marcio Vogel Merlone dos Santos via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hi Rowland, thank you for your prompt reply,

I sent you the testparam output hence lots of defaults (i presumed
would be better), here is crude smb.conf:

root@araucaria:~# cat /etc/samba/smb.conf
[global]
      netbios name = ARAUCARIA
      realm = AD.TLD
      server role = active directory domain controller
      workgroup = A1
      server services = -dns
      ldap server require strong auth = no
      wins support = yes
      ntlm auth = yes
      log file = /var/log/samba/%m.log
      log level = 1 auth_audit:3 auth_json_audit:3
      idmap_ldb:use rfc2307 = yes
      idmap config * : backend = tdb
      template shell = /bin/bash
      template homedir = /home/usuarios/%U


OK, You cannot get a correct list of a users supplementary groups
unless the user has logged into the computer, see here (under 'winbind
changes' near the bottom of the page):

https://wiki.samba.org/index.php/Samba_4.6_Features_added/changed

Rowland
--
*Marcio Merlone*
TI - Administrador de redes

*A1 Engenharia - Unidade Corporativa*
Fone: 	+55 41 3616-3797
Cel: 	+55 41 99689-0036

https://a1.ind.br/ <https://a1.ind.br>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba