[samba] users in multiple groups?

Paul Gienger pgienger at ae-solutions.com
Mon Nov 1 15:57:13 GMT 2004

> every user is added to the group, but i cant seem to find a way for a 
> user to be part of multiple groups, sambaPrimaryGroupSID isnt 
> multi-valued, neither is gidNumber. Is there any way around this, has 
> anybody have sugesstions?

Bone up on your UNIX group membership theory.  Every user has a primary 
group that is specified in their user account.  Secondary groups are 
applied 'backwards' to that setup.  That means that users are added to 
the group's entry in wherever that group is defined (/etc/group, 
ou=Groups in a 'standard' LDAP DIT.  You can have many many user entries 
in each group (up to like 1024 characters long for the list I believe) 
and the user can be both specified in the group object and have their 
primary group as that group without causing issues.

There are a couple of commands that come in handy once you start setting 
up secondary group memberships, and they work differently on different 
os's.  groups <username> and id <username> give interesting output:
[root at mail log]# id pgienger
uid=2266(pgienger) gid=2028(itserv) 
[root at mail log]# groups pgienger
pgienger : itserv applied itadmin office projects Domain Admins

Paul Gienger                    Office: 701-281-1884
Applied Engineering Inc.
Systems Architect               Fax:    701-281-1322
URL: www.ae-solutions.com       mailto: pgienger at ae-solutions.com

More information about the samba mailing list