[Samba] Changing default primary Group sid from 513 to 515
mallapadi niranjan
niranjan.ashok at gmail.com
Mon Dec 3 18:06:45 MST 2012
bHi all,
I have a Samba PDC with LDAP backend (using editPosix method) . Below are
my versions
RHEL6.3
samba-3.5.10-125.el6.x86_64
samba-common-3.5.10-125.el6.x86_64
samba-winbind-clients-3.5.10-125.el6.x86_64
samba-winbind-3.5.10-125.el6.x86_64
samba-client-3.5.10-125.el6.x86_64
When i Join a new Windows System to PDC, the system gets it's Primary gid
as 513 (Domain Users) instead of (Domain Computers).
When using smbldap-tools, this works fine but we would like to avoid
smbldap-tools.
Ouput of winxp system joined to Samba PDC.
---------------
Unix username: WINXP2$
NT username: WINXP2$
Account Flags: [W ]
User SID: S-1-5-21-3867639012-1738891662-3591060562-1010
Primary Group SID: S-1-5-21-3867639012-1738891662-3591060562-513
Full Name: WINXP2$
Home Directory:
HomeDir Drive: X:
Logon Script: %u.bat
Profile Path:
Domain: EXAMPLE.COM
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Sun, 02 Dec 2012 13:03:49 IST
Returning valid cache entry: key = ACCT_POL/minimum password age, value = 0
, timeout = Tue Dec 4 01:00:45 2012
Password can change: Sun, 02 Dec 2012 13:03:49 IST
Returning valid cache entry: key = ACCT_POL/maximum password age, value =
4294967295
, timeout = Tue Dec 4 01:00:45 2012
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Entry on LDAP
# WINXP2$, Computers, example.com
dn: uid=WINXP2$,ou=Computers,dc=example,dc=com
uid: WINXP2$
sambaSID: S-1-5-21-3867639012-1738891662-3591060562-1010
sambaAcctFlags: [W ]
objectClass: sambaSamAccount
objectClass: account
objectClass: posixAccount
cn: WINXP2$
uidNumber: 10005
gidNumber: 513
homeDirectory: /home/EXAMPLE.COM/SMB_workstations_home
loginShell: /bin/false
sambaNTPassword: CE2914F0062745681734B36B65FCC704
sambaPwdLastSet: 1354433629
My smb.conf
[global]
workgroup = EXAMPLE.COM
netbios name = EXAMPLEPDC
server string = Samba Server Version %v
interfaces = eth1, lo
bind interfaces only = Yes
passdb backend = ldapsam:ldap://localhost
password level = 8
username level = 8
log level = 10
syslog = 0
log file = /var/log/samba/log.%m
max log size = 0
name resolve order = wins lmhosts host bcast
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = cups
disable spoolss = Yes
logon script = %u.bat
logon path =
logon drive = X:
logon home =
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap admin dn = cn=Manager,dc=example,dc=com
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = yes
ldap suffix = dc=msdpl,dc=com
ldap ssl = no
ldap user suffix = ou=People
idmap backend = ldap
idmap alloc backend = ldap
idmap uid = 10000-20000
idmap gid = 10000-20000
ldapsam:trusted = yes
ldapsam:editposix = yes
idmap alloc config:ldap_base_dn = ou=Idmap,dc=example,dc=com
idmap alloc config:ldap_user_dn = cn=Manager,dc=example,dc=com
idmap alloc config:ldap_url = ldap://localhost
idmap alloc config:range = 10000-20000
max print jobs = 100
cups options = raw
hide unreadable = Yes
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = Yes
share modes = No
[Profiles]
path = /var/lib/samba/profiles
guest ok = Yes
browseable = No
More information about the samba
mailing list