Bug 5038 - Winbind 'wbinfo -g' only returns BUILTIN groups
Winbind 'wbinfo -g' only returns BUILTIN groups
Status: NEW
Product: Samba 3.0
Classification: Unclassified
Component: winbind
x86 Linux
: P3 normal
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2007-10-24 03:16 UTC by Herman
Modified: 2007-10-24 03:16 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Herman 2007-10-24 03:16:56 UTC
This is a problem caused by a dumb configuration change in Windows 2003 ADS.  If you have a MCSE code monkey who believes that 'If you can do it in the GUI then it must be legal', then this can cause severe stress, elevated blood pressure and hair loss.  It is postulated that this is the horribly mutilating bug that caused an ancient group of monkeys to lose most of their beautiful shiny fur and move to North Africa to build beautiful shiny pyramids.

1. Create a new Organizational Unit OU1 with a security group group1 and user user1 in Windows ADS.
2. Make user1 a member of group1.
3. In a Linux ADS member server, verify that group and user enumeration is on in smb.conf.
4. Verify that 'wbinfo -g' and 'wbinfo -u' work as expected and list all groups and users.
5. Create a new OU2 in Windows ADS next to OU1.
6. Drag group1 from OU1 to its new neighbour OU2.  Windows will pop up a warning that this isn't exactly a good idea. Invoke the 'See no Evil' monkey and ignore the warning.
7. Now see that 'wbinfo -g' only returns the BUILTIN groups and 'wbinfo -u' returns nothing at all.  If you are adventurous, see that the user1 login also doesn't work anymore.
8. Delete the two OUs and their offending contents and see that everything works again.

Sigh, Windows, grumble...