I have Samba 3.0.10 connected with winbind and Kerberos to a W2K domain. With getent passwd I can see all the users, and with getent group all the groups, but not all the members are listed in every group. I found out that for every user the primary group is not resolved in the getent passwd.

Example: this is the WRONG output from getent:

[root@komm1-neu root]# getent group|grep Benutzer
Domänen-Benutzer:x:10006:eichel,will

The following output is TRUE:

[root@komm1-neu root]# id eichel;id will;id kohl;id schroeder;id schaefer
uid=10003(eichel) gid=10012(Buha) groups=10012(Buha),10006(Domänen-Benutzer)
uid=10005(will) gid=10011(GL) groups=10011(GL),10006(Domänen-Benutzer)
uid=10006(kohl) gid=10006(Domänen-Benutzer) groups=10006(Domänen-Benutzer)
uid=10007(schroeder) gid=10006(Domänen-Benutzer) groups=10006(Domänen-Benutzer)
uid=10000(schaefer) gid=10006(Domänen-Benutzer) groups=10006(Domänen-Benutzer),10011(GL)

...as you see here, eichel and will use other prim-groups than the other users. But both of those users were not shown in their own prim-groups:

[root@komm1-neu root]# getent group|grep GL;getent group|grep Buha
GL:x:10011:schaefer
Buha:x:10012:

If I use cat /proc/<PID>/status or wbinfo --user-groups=XXXX I also get the normal output. BUT: the wrong group mapping in getent means that I cannot assign the rights in the filesystem!
I could be remembering this incorrectly, but I thought that the primary group was left out of getent group as an optimization. If you do getent passwd, you will see that each user has the proper entry for the primary group. If you don't see the primary group in the proper place of getent passwd then this is a bug, but if you see all of the groups in id and they work for purposes of access, it's probably as intended.
(In reply to comment #1)
> If you do getent passwd, you will see that each user has the proper entry for
> the primary group.

Yes, that's true, I see the proper primaryGroupId with getent passwd. But if I cannot see all the users that belong to one group (for ex. Domain Users), I believe I cannot set the rights to that group in my smb.conf!? I will try it out and will give feedback here.

> primary group was left out of getent group as an optimization

... I can't believe that, this is only one more entry per user - but if this is true: is there another way to find out which users belong to a specific group on the Samba server?
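One way to answer the question in the comment above (which users belong to a group, primary-group members included) is to merge the primary GID from getent passwd into the getent group listing. This is an added example, not part of the original thread and not Samba code; the function names full_members and demo are hypothetical, and the passwd sample lines are constructed from the id output in the first comment.

```shell
#!/bin/sh
# Added example: list every member of each group, including users who have
# the group only as their primary GID (field 4 of a passwd entry).

# full_members PASSWD_FILE GROUP_FILE  ->  prints "group:gid:user,user,..."
full_members() {
    awk -F: '
        # First file (passwd): remember each user under its primary GID.
        NR == FNR { if ($1 != "") primary[$4] = primary[$4] "," $1; next }
        # Second file (group): listed members first, then primary-GID users.
        {
            split("", seen); out = ""
            n = split($4 primary[$3], m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] != "" && !(m[i] in seen)) {
                    seen[m[i]] = 1
                    out = out (out == "" ? "" : ",") m[i]
                }
            printf "%s:%s:%s\n", $1, $3, out
        }
    ' "$1" "$2"
}

# demo: runs full_members on sample data. The passwd lines are constructed
# from the id output in the report (home and shell fields are placeholders);
# the group lines are the getent group output quoted in the report.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
eichel:x:10003:10012::/home/eichel:/bin/false
will:x:10005:10011::/home/will:/bin/false
kohl:x:10006:10006::/home/kohl:/bin/false
schroeder:x:10007:10006::/home/schroeder:/bin/false
schaefer:x:10000:10006::/home/schaefer:/bin/false
EOF
    cat > "$dir/group" <<'EOF'
Domänen-Benutzer:x:10006:eichel,will
GL:x:10011:schaefer
Buha:x:10012:
EOF
    full_members "$dir/passwd" "$dir/group"
    rm -rf "$dir"
}

demo
```

On a live system, save the output of getent passwd and getent group to two files and pass them to full_members in that order.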
Is this still an issue in 3.0.11? Please retest and let me know. The optimization Marc was talking about was to prevent having to do a query_user for every entry returned from the LDAP search of AD. But I looked the other day and couldn't find that code. So it might be fixed now.
Closing, awaiting feedback on whether the bug is fixed in 3.0.11 or not.
sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.
I'm still experiencing the same in version 3.6.3