Samba4: ID mapping is hard

steve steve at
Sun Mar 25 01:46:56 MDT 2012

El 24/03/12 01:20, Andrew Bartlett escribió:
> On Fri, 2012-03-23 at 23:54 +0100, steve wrote:
>> What is working well for us in tests is giving Domain Users a uid, gid,
>> setting their primaryGroupID to that of a posix-ified security group and
>> storing these attributes in their entry in sam.ldb. The only problem I
>> have with this is that adding the posixGroup objectClass to a security
>> group removes the ability to be able to list its members in ADUC and it
>> is really unfortunate that I can't test this against a windows server.
>> Because I don't have one.
> Trial copies of Windows are available for download:
There is already a bugzilla which confirms that s4 does not handle the 
posixGroup attribute correctly. Adding the posixGroup attribute on a ms 
2008 server works correctly. The membership tabs under ADCU appear 

Please see:
comment 43 onwards.


More information about the samba-technical mailing list