[Samba] Winbind rid + SID History creating duplicate per-user groups
Josh Kelley
joshkel at gmail.com
Tue Jul 29 15:15:53 MDT 2014
On Mon, Jul 28, 2014 at 11:42 AM, Rowland Penny
<rowlandpenny at googlemail.com> wrote:
> There is quite a lot of your smb.conf that is not really required any more,
> have a look here:
>
> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server

Thanks. I'll work on cleaning it up.

> I do not think that winbind itself can create users and groups, simplifying
> things a lot, it just pulls info from somewhere, in this case the AD
> database, so if your users have a group with the same name as their
> username, somebody or something is creating them.

Maybe my choice of terminology was poor? Winbind creates Unix users
and groups that correspond to the info that it pulls from Active
Directory.

After spending far too much time experimenting with old versions, I
discovered that winbind *does* create per-user groups (sometimes
referred to as "user private groups"), starting with 4.0.5. More
info:

http://git.samba.org/?p=samba.git;a=commit;h=d2360fe56c860fa20051f6373eb2fcc3e4def6b6
https://lists.samba.org/archive/samba-technical/2013-July/093986.html

User private groups is apparently a feature and cannot be disabled. I
don't know (or don't know the intricacies of user/group mapping and AD
compatibility well enough to understand) why it was added, but it
should generally be harmless for a Unix environment.

I believe that the fact that SID history can cause duplicate groups to
be created is a bug, and I've logged it at
https://bugzilla.samba.org/show_bug.cgi?id=10753.

Thanks for your help.

--
Josh Kelley