I believe I have tracked down the source of this bug, which will hopefully lead to an easy fix.
The problem appears to be the inability of SID S-1-18-1 to be mapped (See https://support.microsoft.com/kb/2830145 for an explanation why). Winbind gets a list of all groups, and that SID is returned, then attempts to map them to GIDs but fails because that SID cannot be mapped. If one runs: wbinfo -U [uid] then takes the SID that results and does wbinfo --user-sids=[users SID] a list of groups will be returned, along with the users SID. I am able to map all of them back to objects/groups in the domain, except for the S-1-18-1 SID. This nicely matches the output of groups [user] which on my machine returns all of the groups I belong to, except for one, for which the command returns "groups: cannot find name for group ID 100000", where 100000 is the beginning of the idmap * range in smb.conf. I am almost certain the GID 100000 corresponds to the unmappable S-1-18-1 SID and is the reason "getent group" only returns local groups. A patch may be as simple as winbind just ignoring S-1-18-1 and S-1-18-2 when returned as an SID for a group. This appears to have been the behavior for earlier versions of winbind, as running wbinfo -s [user SID] on a centos 6 machine using Samba 3.6 returns all of the SIDs for the user's groups, except the bad S-1-18-1 SID. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1307778 Title: getent group on trusty returns only local groups To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1307778/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
