[Samba] domain users "primary group" does not take effect in UNIX attributes (NIS)
Rowland Penny
rowlandpenny at googlemail.com
Thu Oct 30 15:46:40 MDT 2014
On 30/10/14 20:33, Lars Hanke wrote:
> Hi Mirco,
>
> ADUC wrecked some of my users. Apparently it does not exactly comply
> RFC2307. Try something like:
Hi, just how did ADUC wreck your users ? what did it add/remove/change ???
Rowland
>
> ldapsearch -b "dc=samdom,dc=example,dc=com" -H ldap://localhost -D
> "cn=Administrator,cn=Users,dc=samdom,dc=example,dc=com" -W -x
> '(sAMAccountName=johndoe)'
>
> to figure out, what exactly is in LDAP.
>
> Regards,
> - lars.
>
> Am 30.10.2014 01:17, schrieb ?icro MEGAS:
>> Hello list,
>>
>> using AD with rfc2307 provisioned and NIS extensions are available.
>> In ADUC tool I choose the group "Domain Admins" and click on the
>> [UNIX Attributes] tab. I activate it for my domain and choose the
>> GID=500. When I execute on my member server "net cache flush &&
>> getent group 500" I get the result
>>
>> domain admins:x:500:johndoe,name1,name2
>>
>> So far so good, that means that domain group is available on the
>> member server. Here's an output of "getent passwd"...
>> [...]
>> johndoe:*:500:40000:John Doe:/home/MYDOM/johndoe:/bin/bash
>> [...]
>>
>> Looks correct, the user "johndoe" has uid=500 and gid=40000. The gid
>> 40000 is "domain users".
>>
>> Now I want to change some UNIX attributes of that particular user. I
>> open ADUC tool, choose that user "johndoe", click on the [UNIX
>> Attributes] tab and make following changes there:
>>
>> shell=/bin/false
>> home=/srv/some/thing/else
>> Primary Group=Domain Admins
>>
>> Then I apply these settings and on the member server I do a restart
>> of the winbind service and check the results of "getent passwd" ...
>> [...]
>> johndoe:*:500:40000:John Doe:/srv/some/thing/else:/bin/false
>> [...]
>>
>> The shell and home were applied correctly, but why doesn't the
>> "primary group" take effect ??? I would expect a line like that...
>> johndoe:*:500:500:John Doe:/srv/some/thing/else:/bin/false
>>
>> I have tried with other groups, too but without success. Whatever I
>> do choose as "primary group" for a user in the [UNIX Attributes] tab,
>> it does *not take effect*. Is this a known bug?
>>
>> Cheers,
>> Mirco
>>
>
More information about the samba
mailing list