[Samba] CHANGING PRIMARY GROUP

Patrick AUDON patrick.audon at martec.fr
Thu Mar 23 14:05:26 GMT 2006 

Hi Michael,

Apparently, the pdbedit tool is only available for local users.

My problem is for users from the trusted domain.
The primary group for these users is defined on the PDC of the NT4 domain,
and apparently, I couldn't change it on the winbind database.

The way I have found is to change the mode to 777 on the shared directory to
allow trusted domain users to access it.
Another way is to use usermap, but the administration isn't so easy because
I need to create all the users of the trusted domain in the usermap file.

Best Regards.

Patrick
-----Message d'origine-----
De : Michael Billerbeck [mailto:billerbeck at adesso.de] 
Envoyé : jeudi 23 mars 2006 12:15
À : Patrick AUDON
Cc : samba at lists.samba.org
Objet : re: [Samba] CHANGING PRIMARY GROUP

Hi Patrick,

samba-bounces+billerbeck=adesso.de at lists.samba.org schrieb am 23.03.2006
11:30:10:

> Hi to all,
>
>
>
> I have a samba acting as a PDC with 'passdb backend=smbpasswd'. My
version
> of samba is 3.0.14a on linux Debian 2.6.8.
>

First of all: if I read correctly it's better to use at least the password
backend
tdbsam (trivial database sam) in this context.
That's what I have read in the How-To or by-Example.

>
> I have defined an interdomain trusted connection with a NT4 domain.
>
>
>
> I can see the trusted accounts and groups, and add them to local group
with
> the 'net rpc group.' command.
>
>
>
> My problem is when I want to allow one user from this trusted domain to
> access to a share. The group seen by samba and sent to unix is the
primary
> group which is the domain account group.
>
> I want to change this primary group, but I haven't seen tools for that.
>
>
>
> Could you help me ?
>
You can change the primary group RID or SID by using pdbedit:

pdbedit -r <username> -G <SID>
or
pdbedit -r <username> -G <RID>

If the parameter after the G-option (-G) doesn't start with 'S-' pdbedit
assumes
you passed an RID because SIDs start with S-1-5...

example:

pdbedit -r michael -G 513

513 ist the well-known RID for users windows environments.

cheers,
Michael

More information about the samba mailing list