In delving deeper into my problem, I have found one common denominator in all of the domain groups that are not presented when I run 'wbinfo -g'. Each of them is set up with a Global Scope of 'Domain Local'. The other options available for this configuration setting are 'Global' (these groups show up!), and 'Universal' (don't have any of these).
I don't know much about this setting. Any MCSEs out there that do? I could recreate those groups, but I'm worried that it may impact my current protections since a new SID will be created. Anybody have any ideas? Can winbind be configured to see these types of groups as well? See my original post below for more information. TIA, ry -----Original Message----- From: Ryan Frantz Sent: Thursday, June 17, 2004 6:26 PM To: '[EMAIL PROTECTED]' Subject: wbinfo - Missing Domain Groups Has anybody found that the 'wbinfo' command does not list all groups in a Windows domain? Here's what's in my playground: Windows 2000 Server SP4 PDC RH 9 (2.4.20-6) OpenSSL 3.8p1 MIT Kerberos 1.3.3 Samba 3.0.4 --begin 'smb.conf' snip- winbind separator = . idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes security = ads password server = * ; passdb backend = tdbsam --end 'smb.conf' snip- As you can see, I have Samba (winbind, really) configured to enumerate users and groups. However, when I run 'wbinfo -g' the output does not show all of my Windows groups. Neither does 'getent group'. I'm looking for something in the Windows/domain configuration but haven't found anything yet. This is hindering me from deploying a Samba file server as some of those 'missing' groups own sensitive directories on our aging (Windows) file server. Anyone have any ideas? ry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
