[Samba] Changing a user's primary GID

John H Terpstra jht at samba.org
Fri Feb 4 20:16:22 GMT 2005

Mr. G,

Are you using the "net groupmap" facility to assign local UNIX groups to your 
Windows Domain Groups?

ie: net groupmap modify ntgroup="Domain Whatsis" unixgroup=aunixgroup

- John T.

On Friday 04 February 2005 13:06, Wong, G. MR   EECS wrote:
> I'm using samba version 3.0.10 on an Intel PC running Redhat Linux 3.0
> AS.  I am using winbind with the idmap_rid module to authenticate users
> to Windows AD.  All the current Linux user account names are exactly the
> same as the corresponding Windows AD SAM acct names.  Everything works
> beautifully EXCEPT for the GIDs generated from the from the AD Groups
> that the Windows accounts belong to.  (The UIDs are NOT a problem.)  It
> seems like they all belong to the same group of "Domain Users".
> This is what I DO NOT want!  At a minimum I need to have users in one of
> 2 Linux groups - as their primary group - a faculty or a student group
> since our current utility programs use Linux group permissions to work
> properly.  A student account can easily be determined from the
> SAMaccountName - if it starts with a lowercase "x".  If not it is a
> faculty account.
> I DO NOT control the info in the Windows AD system.
> Is there a way to force a user be put into a particular (LOCAL) Linux
> group when logging into a Linux host running Samba winbind.  This would
> be there primary group while logged in.
> I really have no use for the domain group.
> Is there a utility or would the code have to be hacked?  If the latter
> is true what C programs need to be modified?

John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.

More information about the samba mailing list