[Samba] Change primaryGroupID
Rowland Penny
rowlandpenny at googlemail.com
Sat Oct 25 15:28:33 MDT 2014
On 25/10/14 22:20, Lars Hanke wrote:
> Currently, when CIFS users create files these get "Domain Users" as
> their group. I would appreciate a different group in general and yet
> another group for some selected users.
>
> Googling until my fingers bled I learned that this group is somehow
> magically encoded in the RID 513 set as primaryGroupID for all users.
> With Samba3 there used to be commands like 'net groupmap' to list /
> modify this mapping. But these commands apparently don't work anymore
> in Samba4.
>
> How do I assign / determine the RID of a group in Samba4?
Use RFC2307 attributes, create a group, give it a gidNumber and if you
use something on the Unix clients that will pull these attributes
(nslcd,sssd,winbind ad backend) getent group <groupname> will display
the result.
>
> And if I set this to primaryGroupID, will it be used for file creation
> via CIFS?
>
Not entirely sure, but you do not need to change the primaryGroupID, you
can get CIFS to use the Unix group you created, Kerberos again!!
You really should learn about kerberos, it is what AD is all about.
> Are there any other side effects to consider when changing
> primaryGroupID?
>
I am led to believe that you could have problems with windows networking
but again not sure just what.
Rowland
> Thanks for your help,
> - lars.
More information about the samba
mailing list