On Fri, Jan 27, 2012 at 10:23:14PM +0600, Eugene M. Zheganin wrote:
> On 27.01.2012 14:48, Eugene M. Zheganin wrote:
> >Hi.
> >
> >FreeBSD 8.2
> >Samba 3.5.11 from ports
> >
> >I have an issue with group membership. id shows only small part of
> >the groups a user is member of. I'm aware about UNIX max group
> >issue, but this isn't related to it - for example for a user which
> >is member of the 6 groups id shows only 3. Although wbinfo -r
> >shows correct number of groups and wbinfo -G is able to
> >successfully translate UNIX group to a domain SID.
> >
> >
> I was able to localize the problem a bit more.
>
> First of all, winbind doesn't recognize at all the Universal domain
> groups. Since I have only one domain, I simply changed all the
> universal group I'm interested in to global ones (still wonder who
> and why created all these groups as universal).
>
> But this solved only a part of the problem. I still don't see all of
> the domain groups in 'id' output for the user.
> I compared the 'wbinfo -g' output and the 'getent group' output. In
> the 'getent group' some groups are missing!
> These are the same groups that are missing from 'id user'.
>
>
> So.... any ideas ?

"id user" can not work reliably without a successful
authentication using "wbinfo -a" before. There are just too
many group combinations to take care of, and certain trust
scenarios just can never work due to insufficient access to
the trusted domains.

If you have a problem with "id" after having successfully
logged in to the box, this is a problem that we will
definitely chase.

With best regards,

Volker Lendecke

--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:[email protected]
