[Samba] primary GID based access for user in 16 supplementary groups

steve steve at steve-ss.com
Thu Sep 5 13:24:26 MDT 2013

On Thu, 2013-09-05 at 19:45 +0100, Tris Mabbs wrote:

> 5. Are you *absolutely* sure that your idmap back-ends are doing what you
> thought? 

Here's another few cents:
What you are describing is almost certainly mismatched gidNumbers.
Depending on where the SID to GID mapping came from it will be
different. Most certainly not what you want.

So: Avoid anything other than the ad backend like the plague.

Add gidNumber to the DN of the group and uidNumber and gidNumber to the
DN of the user. Use sssd to pull that info from AD on _anything_ unix be
it the DC, the file server or a solaris/linux client.

More information about the samba mailing list