[Samba] CHANGING PRIMARY GROUP
patrick.audon at martec.fr
Thu Mar 23 14:05:26 GMT 2006
Apparently, the pdbedit tool is only available for local users.
My problem is for users from the trusted domain.
The primary group for these users is defined on the PDC of the NT4 domain,
and apparently, I couldn't change it on the winbind database.
The way I have found is to change the mode to 777 on the shared directory to
allow trusted domain users to access it.
Another way is to use usermap, but the administration isn't so easy because
I need to create all the users of the trusted domain in the usermap file.
De : Michael Billerbeck [mailto:billerbeck at adesso.de]
Envoyé : jeudi 23 mars 2006 12:15
À : Patrick AUDON
Cc : samba at lists.samba.org
Objet : re: [Samba] CHANGING PRIMARY GROUP
samba-bounces+billerbeck=adesso.de at lists.samba.org schrieb am 23.03.2006
> Hi to all,
> I have a samba acting as a PDC with 'passdb backend=smbpasswd'. My
> of samba is 3.0.14a on linux Debian 2.6.8.
First of all: if I read correctly it's better to use at least the password
tdbsam (trivial database sam) in this context.
That's what I have read in the How-To or by-Example.
> I have defined an interdomain trusted connection with a NT4 domain.
> I can see the trusted accounts and groups, and add them to local group
> the 'net rpc group.' command.
> My problem is when I want to allow one user from this trusted domain to
> access to a share. The group seen by samba and sent to unix is the
> group which is the domain account group.
> I want to change this primary group, but I haven't seen tools for that.
> Could you help me ?
You can change the primary group RID or SID by using pdbedit:
pdbedit -r <username> -G <SID>
pdbedit -r <username> -G <RID>
If the parameter after the G-option (-G) doesn't start with 'S-' pdbedit
you passed an RID because SIDs start with S-1-5...
pdbedit -r michael -G 513
513 ist the well-known RID for users windows environments.
More information about the samba