Primary Group SID

Bostjan Golob golob at
Sun Feb 8 13:41:27 GMT 2004

Hi all,

I have a user with primary group admin, which is mapped to Domain
Admins. I also have domainusers mapped to Domain Users. If I enumerate
the user's groups, I get back only the Domain Users group.

Reading pdb_ldap.c, I have come across a comment:
/* we don't need to store the primary group RID - so leaving it
           'free' to hang off the unix primary group makes life easier

however, when initializing the SAM user from LDAP, the primary group
gets set to Domain Users automatically if the user has no
sambaPrimaryGroupSID attribute.

If this is unwanted, I can try and produce a patch that will get the
group mapping for the user's primary gid (if it exists) and set the
primary group SID accordingly.

Bostjan Golob

More information about the samba-technical mailing list