Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Old 12-07-2012, 07:30 PM   #1
hampeh
LQ Newbie
 
Registered: Mar 2005
Distribution: fedora, slackware
Posts: 16

Rep: Reputation: 0
samba AD group inconsistency


Hi all.

I just noticed a weird problem and I have been spending a couple of days trying to find the issue. I have CentOS 5.8 with samba3x-3.5 connecting to AD.

What I just noticed is that certain users have groups that are not even assigned to them. At first I thought it was the cache and tried restarting samba and winbind, and it didn't work.

Code:
[root@linux-box ~]# getent group
***cut***
adm:*:608:ronie,linda
ehth:*:612:johnq

Here is what I get when I run the id command for a user who is not in any group:

Code:
[root@linux-box ~]# id eliza
uid=605(eliza) gid=608(adm) groups=608(adm),616(ceo),605(draft),610(ffh),617(finance),615(cph),613(sales),612(ehth),618(admh),619(hssh),607(ff),620(fin-h),604(domain users),621(hss),614(cp),601(BUILTIN+users)

As for user johnq, his group is ehth, but the result looks different.

Code:
[root@linux-box ~]# id johnq
uid=616(johnq) gid=604(domain users) groups=604(domain users),616(ceo),605(draft),610(ffh),617(finance),615(cph),612(ehth),618(admh),619(hssh),607(ff),620(fin-h),621(hss),608(adm),614(cp),601(BUILTIN+users)

I have checked randomly and some of the users are correct; only some have this sort of problem. It puzzles me.

Any pointers are appreciated.

Thanks!
 
Old 12-12-2012, 02:41 PM   #2
aedurkee
LQ Newbie
 
Registered: Sep 2012
Location: Tonawnada, NY
Distribution: CentOS Redhat ubuntu mint
Posts: 15

Rep: Reputation: Disabled
Is there an overlap of gid (group identifiers (numbers)) on the host in /etc/groups and the UNIX attributes of the AD groups? They need to be unique.
Is the /etc/nsswitch.conf group entry set to "group file ldap"?
 
Old 12-13-2012, 01:31 AM   #3
hampeh
LQ Newbie
 
Registered: Mar 2005
Distribution: fedora, slackware
Posts: 16

Original Poster
Rep: Reputation: 0
Hi,

There's no overlap. However, I just noticed that prior to that, users had access to multiple groups, and when it was removed from AD, ldap seems to still have the cache around. Restarting samba and winbind didn't do the trick. I went through the samba docs and decided to add this to the config:

Quote:
winbind cache time = 5
I restarted samba and winbind. I checked, and the users were still the same. I decided to let it run. So the next day I checked, and users/groups in samba are in sync with AD. I am trying to replicate the issue and see if I could simulate the same problem again. As of now, I consider this problem solved.
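
One way to spot the mismatch discussed in this thread, as an added example that is not from any of the posters: the function compares the groups an `id` line reports with the member lists in `getent group` output and prints each group the user holds without being listed as a member. The sample data is copied from post #1 (only the two group lines shown there); the name `stale_groups` is made up here, and the check assumes `getent group` lists members the way the thread's output does.

```shell
#!/bin/sh
# Added example (not from the thread): list groups that an `id` line
# reports for a user although the matching `getent group` entry does
# not name that user as a member.

# Sample data copied from post #1; the getent excerpt has two groups only.
GETENT_SAMPLE='adm:*:608:ronie,linda
ehth:*:612:johnq'
ID_ELIZA='uid=605(eliza) gid=608(adm) groups=608(adm),616(ceo),605(draft),610(ffh),617(finance),615(cph),613(sales),612(ehth),618(admh),619(hssh),607(ff),620(fin-h),604(domain users),621(hss),614(cp),601(BUILTIN+users)'
ID_JOHNQ='uid=616(johnq) gid=604(domain users) groups=604(domain users),616(ceo),605(draft),610(ffh),617(finance),615(cph),612(ehth),618(admh),619(hssh),607(ff),620(fin-h),621(hss),608(adm),614(cp),601(BUILTIN+users)'

# stale_groups USER ID_LINE GETENT_TEXT   (helper name is made up here)
# The body runs in a subshell so its variables do not leak to the caller.
stale_groups() (
    user=$1 id_line=$2 getent_text=$3
    # The primary gid comes from the account record, not from the
    # group's member list, so it is skipped below.
    primary=$(printf '%s\n' "$id_line" | sed -n 's/.* gid=\([0-9]*\)(.*/\1/p')
    # "groups=608(adm),604(domain users)" -> one "gid name" pair per line;
    # names may contain spaces, so everything after the gid is the name.
    printf '%s\n' "$id_line" | sed -n 's/.* groups=//p' | tr ',' '\n' |
        sed 's/^\([0-9]*\)(\(.*\))$/\1 \2/' |
    while read -r gid name; do
        [ "$gid" = "$primary" ] && continue
        # Groups missing from the getent text are skipped: nothing to compare.
        printf '%s\n' "$getent_text" |
            awk -F: -v g="$gid" -v u="$user" -v n="$name" '
                $3 == g {
                    k = split($4, m, ",")
                    for (i = 1; i <= k; i++) if (m[i] == u) exit
                    print n; exit
                }'
    done
)

# Demo on the sample data from the thread.
echo "eliza: $(stale_groups eliza "$ID_ELIZA" "$GETENT_SAMPLE")"
echo "johnq: $(stale_groups johnq "$ID_JOHNQ" "$GETENT_SAMPLE")"
```

On a live host the same function can be fed `"$(id USER)"` and `"$(getent group)"` in place of the sample variables.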
 
  


All times are GMT -5.
