Register a domain and help support LQ
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 12-07-2012, 07:30 PM   #1
LQ Newbie
Registered: Mar 2005
Distribution: fedora, slackware
Posts: 16

Rep: Reputation: 0
samba AD group inconsistency

Hi all.

I just noticed a weird problem and I have been spending couple of days to find the issues. I have centos 5.8 with samba3x-3.5 connecting to AD.

What i just noticed is that, certain users have groups that are not even assigned to them. At first I thought it was cache and tried restarting samba and winbind and it didnt work.

[root@linux-box ~]# getent group
here is when i run the command id for user who is not in any group
[root@linux-box ~]# id eliza
uid=605(eliza) gid=608(adm) groups=608(adm),616(ceo),605(draft),610(ffh),617(finance),615(cph),613(sales),612(ehth),618(admh),619(hssh),607(ff),620(fin-h),604(domain users),621(hss),614(cp),601(BUILTIN+users)
as for user johnq, his group is ehth but the results looks different.
[root@linux-box ~]# id johnq
uid=616(johnq) gid=604(domain users) groups=604(domain users),616(ceo),605(draft),610(ffh),617(finance),615(cph),612(ehth),618(admh),619(hssh),607(ff),620(fin-h),621(hss),608(adm),614(cp),601(BUILTIN+users)
I have checked randomly and some of the users are correct, only some have this sort of problems. It puzzles me.

Any pointers is appreciated.

Old 12-12-2012, 02:41 PM   #2
LQ Newbie
Registered: Sep 2012
Location: Tonawnada, NY
Distribution: CentOS Redhat ubuntu mint
Posts: 15

Rep: Reputation: Disabled
Is there an overlap of gid (group identifiers (numbers)) on the host in /etc/groups and the UNIX attributes of the AD groups, they need to be unique.
Is the /etc/nsswitch.conf group entry set to "group file ldap"?
Old 12-13-2012, 01:31 AM   #3
LQ Newbie
Registered: Mar 2005
Distribution: fedora, slackware
Posts: 16

Original Poster
Rep: Reputation: 0

There's no overlap. However I just noticed that prior to that, users have access to multiple groups and when it was removed from AD, ldap seems to still have the cache around. Restarting samba winbind didnt do the trick. I went through samba docs and decided to add in the config

winbind cache time = 5
Restart samba and winbind. Check the users still the same. I decided to let it run. So the next day i checked, users/groups in samba are in sync with AD. I am trying to replicate the issues and see if i could simulate the same problem again. As of now, i consider this problem as solved.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Use a different group in Samba digity Linux - Newbie 1 02-05-2009 08:27 PM
Samba domain member server (DMS) group permissions in network with a Samba PDC srosa Linux - Networking 0 05-01-2006 06:55 PM
Group Policies on samba mikepengelly Linux - Networking 3 08-25-2004 10:52 PM
Samba inconsistency SpaceGhoti Linux - Networking 4 04-22-2004 02:45 AM
Samba: What group/user is used by Samba to access directories? DJ_Cyberdance Linux - Networking 3 10-04-2003 05:21 AM

All times are GMT -5. The time now is 05:56 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration