localgroups on a member server are not listed. On a 3.5 member server do: # net sam createlocalgroup localusers # getent group 'dds13\localusers' DDS13\localusers:x:2000000: # getent group | grep -i localuser (nothing) the relevant part of smb.conf: idmap backend = tdb idmap uid = 2000000-3000000 idmap gid = 2000000-3000000 winbind enum users = yes winbind enum groups = yes The same problem applies to the BUILTIN domain. Domain groups are being listed correctly.
This bug still reproduces on Samba 4.1.2
Created attachment 10706 [details] patch for master
Comment on attachment 10706 [details] patch for master This patch won't apply cleanly to master anymore. There is AD DC code that enumerates local groups, but that is activated only on the DC. If there's a need to enumerate local groups on the domain member as well, this patch needs to be rewritten.