[Samba] pdbedit: '-G rid' doesn't seem to have any effect
Chris Hall
chris.hall at halldom.com
Thu Feb 8 11:20:13 GMT 2007
On my Samba PDC, using tdbpass:
'pdbedit -Lv agrotera$' produces:
Unix username: agrotera$
NT username:
Account Flags: [W ]
User SID: S-1-5-21-4211105910-4270789338-3787013593-1414
Primary Group SID: S-1-5-21-4211105910-4270789338-3787013593-513
.....
'getent passwd agrotera$' gives:
agrotera$:x:207:200:SMB Machine:/dev/null:/bin/false
where GID 200 is SMB_Machine, which is groupmapped:
Domain Computers (S-1-5-21-4211105910-4270789338-3787013593-515) -> \
SMB_MACHINE
So...
(a) doesn't seem right that the machine account is in 'Domain Users'
in the first place.
(b) UNIX agrotera$ has primary group that is mapped to 'Domain
Computers', but the tdbpass file says otherwise.
If I create a new machine account it is put in the 'Domain Computers'
group, as in:
'adduser -M -u 299 -g 200 fred$'
'pdbedit -a -m fred$'
Unix username: fred$
NT username:
Account Flags: [W ]
User SID: S-1-5-21-4211105910-4270789338-3787013593-1598
Primary Group SID: S-1-5-21-4211105910-4270789338-3787013593-515
Now, the old machine accounts were created (long) before I set up the
groupmap for 'Domain Computers'. So, those entries may simply be out of
date.
So... I thought perhaps this should be fixed, but...
'pdbedit -r -u agrotera$ -G 515', produced:
Unix username: agrotera$
NT username:
Account Flags: [W ]
User SID: S-1-5-21-4211105910-4270789338-3787013593-1414
Primary Group SID: S-1-5-21-4211105910-4270789338-3787013593-513
which is to say, nothing changed and no error or warning message was
given.
Can anyone explain this, please?
Thanks,
Chris
--
Chris Hall @ Home +44 (0)7970 277 383
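The mismatch described in this message (a machine account, flag [W], whose Primary Group SID ends in 513 rather than 515) can be audited across the whole passdb. The following is an added example, not part of the original post or of Samba: it assumes the 'pdbedit -Lv' field layout quoted above, and the sample records are constructed from the values in the post plus a hypothetical user 'alice'.

```python
# RID of 'Domain Computers', as shown in the groupmap line of the post.
DOMAIN_COMPUTERS_RID = "515"

# Constructed sample in the 'pdbedit -Lv' layout quoted in the post.
# 'alice' is a hypothetical ordinary user, included as a negative case.
SAMPLE = """\
Unix username:        agrotera$
Account Flags:        [W          ]
Primary Group SID:    S-1-5-21-4211105910-4270789338-3787013593-513
---------------
Unix username:        fred$
Account Flags:        [W          ]
Primary Group SID:    S-1-5-21-4211105910-4270789338-3787013593-515
---------------
Unix username:        alice
Account Flags:        [U          ]
Primary Group SID:    S-1-5-21-4211105910-4270789338-3787013593-513
"""

def parse_records(text):
    """Split verbose pdbedit output into one dict per account."""
    records, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon only
        if not sep:
            continue  # separator lines carry no field
        key, value = key.strip(), value.strip()
        if key == "Unix username":  # each record starts with this field
            current = {}
            records.append(current)
        if current is not None:
            current[key] = value
    return records

def misgrouped_machine_accounts(text):
    """Return (username, primary group SID) for [W] accounts not in RID 515."""
    findings = []
    for rec in parse_records(text):
        flags = rec.get("Account Flags", "").strip("[] ")
        sid = rec.get("Primary Group SID", "")
        if "W" in flags and sid.rsplit("-", 1)[-1] != DOMAIN_COMPUTERS_RID:
            findings.append((rec["Unix username"], sid))
    return findings

if __name__ == "__main__":
    for name, sid in misgrouped_machine_accounts(SAMPLE):
        print(f"{name}: primary group {sid}")
```

On a live PDC the same function can be given the captured output of 'pdbedit -Lv' instead of SAMPLE.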