[Samba] xidNumber and gidNumber
Marco Gaiarin
gaio at lilliput.linux.it
Fri Sep 8 16:09:28 UTC 2023
Mandi! Kees van Vloten via samba
In chel di` si favelave...
> What are your thoughts on this topic? Make them identical, better not do
> that or perhaps it does not matter at all?
The only group that need ID_BOTH on DCs is 'Domain Adminstrators'; you can safely
assign GID to 'Domain Users' and even 'Domain Computers'.
If i remember well, also 'Administrator' users fall in this, eg cannot have
an UID (and so have xID on DCs and nothing on DMs; but this can be safely
solved via a user map mapping it to 'root').
If you need administrative privilege assigned to users you can safely add
users to 'Domain Adminstrators', but on DCs they get assigned to xID, on DMs
they get nothing, and this can be problematic expecially if you use 'Domain
Administrators' as primary group (aso user desappear).
But you can easily an safely circumvent this, using nothing then the 'power'
of AD: simply create another group (say: 'unixadm'), assign an GID to that
group, and make 'unixadm' member of group 'Domain Administrators'.
Voilà, done. ;-)
--
La differenza tra una dittatura e una democrazia e' che in democrazia poi
si vedono le foto. (Dose e Presta, Il ruggito del Coniglio)
More information about the samba
mailing list