4

I am running Samba 4 as an AD Server. Everything works fine, beside the members of a group is not listed by getent group:

# getent group
...snip...
LOCAL\Enterprise Read-Only Domain Controllers:*:3000040:
LOCAL\Domain Admins:*:512:
LOCAL\Domain Users:*:513:
LOCAL\Domain Guests:*:3000012:
LOCAL\Domain Computers:*:3000018:
LOCAL\Domain Controllers:*:3000034:
LOCAL\Schema Admins:*:3000007:
LOCAL\Enterprise Admins:*:3000006:
LOCAL\Group Policy Creator Owners:*:3000004:
LOCAL\Read-Only Domain Controllers:*:3000041:
LOCAL\DnsUpdateProxy:*:3000042:

but they are listed by the id tool:

$ id Administrator
uid=3000000(LOCAL\Administrator) gid=513(LOCAL\Domain Users) \
    groups=513(LOCAL\Domain Users),3000004(LOCAL\Group Policy Creator \
    Owners),3000006(LOCAL\Enterprise Admins),512(LOCAL\Domain \
    Admins),3000007(LOCAL\Schema Admins)

I need this to set group permissions in the smb.conf. I need this, because setting the rights with windows explorer on the share itself does not work. And I would also like to use these groups in the linux system itself.

ribx
  • 59
  • 2
  • 3
  • have you tried with getent passwd Administrator? – c4f4t0r Sep 01 '14 at 19:02
  • That works as expected: LOCAL\Administrator:*:3000000:513::/home/LOCAL/Administrator:/bin/false – ribx Sep 01 '14 at 22:49
  • Have you succeed on setting up group permissions in `smb.conf`? I'm having the same issue... Everything works expect things related to groups :-/ – Jakov Sosic Dec 12 '16 at 01:26
  • I kind of did. I separated Samba4 DC from the file server and used the old samba3 code to serve files. What also worked was setting group permissions via Windows on the share. I think that is the expected way to go. Still there you have no groups in the linux system. – ribx Dec 13 '16 at 10:06

1 Answers1

1

You can use the group, getent group just does not show the members. samba-tool group listmembers 'LOCAL\Domain Users' should show the members.

Uwe Burger
  • 166
  • 3