The Samba-Bugzilla – Bug 7829
Missing secondary groups
Last modified: 2011-05-16 20:27:48 UTC
There is a FreeBSD 8.1 system with Samba 3.5.6. It is a member of Active Directory domain (domain controllers are WinSrv2008R2 and WinSrv2008).
wbinfo correctly provides user and group lists, as well as group membership information. It is possible to use domain user and group names in commands like chown and chgrp.
However, the id command displays only the primary group for domain users.
Furthermore, domain users are not able to access any files owned by their non-primary domain groups.
For example, running
$ id petert
results in the following output:
uid=10000(petert) gid=10009(domain users) groups=10009(domain users)
There should be 10 more groups here.
getent passwd and getent group does not show domain users and groups.
There is also an error message "getgrent failed: NT_STATUS_NO_MORE_ENTRIES" in the log.winbind file:
[2010/11/27 19:47:43.856773, 6] winbindd/winbindd.c:768(new_connection)
accepted socket 29
[2010/11/27 19:47:43.856837, 3]
[2010/11/27 19:47:43.856966, 6]
closing socket 28, client exited
[2010/11/27 19:47:43.859876, 3]
[2010/11/27 19:47:43.859904, 5]
getgrent failed: NT_STATUS_NO_MORE_ENTRIES
[2010/11/27 19:47:43.860164, 3]
[2010/11/27 19:47:43.872512, 3]
[2010/11/27 19:47:43.872770, 6]
closing socket 29, client exited
The system was verified to work properly with Samba 3.4.9.
This looks like a duplicate of Bug #8099. Can you please check if that patch works for you as well ?
... if not, please reopen. closing this for now.