[Samba] Strange GID and UID with winbindd + Samba AD DC

steve steve at steve-ss.com
Fri Mar 14 07:16:32 MDT 2014

On Fri, 2014-03-14 at 13:38 +0100, Sven Schwedas wrote:
> On 2014-03-14 13:17, Chan Min Wai wrote:
> > Dear Stéphane,
> > 
> > Thank you for the answer. 
> > 
> > Not all users or groups have UID or GID. 
> > 
> > I use windows 7 RAT to edit the users and computer. 
> > So I only enable the groups which I think need GID. 
> > 
> > Did we need to add GID to all groups?
> > Including the builtIn and also the default group?
> Yes.
No. We only add the gid to the groups we use at (human) user level. e.g.
Domain Users has a gidNumber and the group staff2 which we created
ourselves has too. We have not assigned a gidNumber to any of the
builtin groups.

> > Shouldn't winbind add the builtIn group with default GID. 
> There is no default uid/gid for some silly reason, you have to manually
> add the posix attributes to all objects you want them to have.

With the config as the OP has it, winbind will not assign any sensible
gidNumber. It can however be made to do so by storing the gidNumbers in
a separate database.

The reason is that windows uses SIDs for user and group management. It
has no interest in gid or uid numbers. 
> > And skipped the group without GID configure?
> It should, but winbind is a bit… special.
> > 
> > Oh I got the idea wrong?
No, but you if you do not intend to populate neither uidNumber nor
gidNumber in the directory then your configuration will never work.
> > 
> > Thank you.
No prob.

More information about the samba mailing list