[Samba] Winbind troubles

Jonathan Buzzard jonathan at buzzard.me.uk
Tue Jul 23 16:21:13 MDT 2013

On 23/07/13 17:10, Rowland Penny wrote:


>     But if the group identified by primaryGroupID 513 has gidNumber 20513
>     (which would be in my opinion best practice) without looking in the
>     source code of sssd you don't know whether sssd took the gidNumber of
>     the user or took the primaryGroupID, and then looked up gidNumber of
>     that group. As your example has not shown what the gidNumber of the
>     group identified by primaryGroupID 513 it has not demonstrated what you
>     claim it has demonstrated.
> Does it matter, as long as the right answer is returned?

Only in that you gave an example that claimed to show that sssd used the 
gidNumber from the users entry. The point I was making is that it did 
not actually show that. What it showed was sssd returning a GID that 
matched the gidNumber from the users entry which while close is not what 
you claimed.

> But for your information, sssd pulls ALL the information from the users
> RFC2307 information, in fact it pulls more information than winbind.

Well then that sucks and I prefer the winbind method, because as far as 
I am aware changing the Windows primary group (at least under 2003R2 and 
2008R2, not tested 2012 or Samba4) of a user has no effect on the users 
gidNumber. As such it is inevitable that mistakes will be made, things 
will get out of sync and stuff will break in odd not apparent ways.

Reasons why winbind is better than sssd if you ask me :-)


Jonathan A. Buzzard                 Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.

More information about the samba mailing list