[Samba] Winbind troubles

Jonathan Buzzard jonathan at buzzard.me.uk
Tue Jul 23 08:04:03 MDT 2013

On Tue, 2013-07-23 at 14:39 +0100, Rowland Penny wrote:
> Could this be yet another reason to use sssd instead of winbind?
> sssd does use the account gidNumber
> testuser
> primaryGroupID: 513
> uidNumber: 3001106
> gidNumber: 20513
> getent passwd testuser
> testuser:*:3001106:20513:testuser:/home/DOMAIN/testuser:/bin/bash

Not what I said. The primaryGroupID is an identifier for a group in AD,
bit like a SID is (I don't get that either). So primaryGroupID 513 might
refer to a group called sambausers, which has a it's own set of
RFC2307bis attributes which include a gidNumber. Winbind uses the
gidNumber of the primaryGroupID, not the primaryGroupID itself which is
something entirely different.

As such your example does not show what you think it does show because
you have not shown the gidNumber of the group identified by
primaryGroupID 513. I would say even if sssd uses the gidNumber of the
user it would in my opinion be good practice to keep the gidNumber of
the user the same as the gidNumber of the Windows primary group.

Sometimes my mind boggles at just how much people don't understand AD
and Samba in the Linux/Unix world.


Jonathan A. Buzzard                 Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.

More information about the samba mailing list