[Samba] Change primaryGroupID [SOLVED]
debian at lhanke.de
Sat Oct 25 16:26:57 MDT 2014
On 25.10.2014 23:28, Rowland Penny wrote:
> On 25/10/14 22:20, Lars Hanke wrote:
>> Currently, when CIFS users create files these get "Domain Users" as
>> their group. I would appreciate a different group in general and yet
>> another group for some selected users.
>> Googling until my fingers bled I learned that this group is somehow
>> magically encoded in the RID 513 set as primaryGroupID for all users.
>> With Samba3 there used to be commands like 'net groupmap' to list /
>> modify this mapping. But these commands apparently don't work anymore
>> in Samba4.
>> How do I assign / determine the RID of a group in Samba4?
Okay, at least I found out how to determine the RID. It's the final set
of numbers of the group's SID.
> Use RFC2307 attributes, create a group, give it a gidNumber and if you
> use something on the Unix clients that will pull these attributes
> (nslcd, sssd, winbind ad backend) getent group <groupname> will display
> the result.
This is all working. But since "Domain Users" translates to "domain
users" on my NAS, it breaks idmap for NFS4 and I can't use it. Don't
know if I can safely change sAMAccountName of these default groups to
lower case. It would simplify a lot.
I have to stick with winbind on the NAS. On the NAS it maps all users
and groups, but ignores RFC2307 settings. On another system using the
_same_ config, it obeys RFC2307, but drops some groups. That's why I use
nslcd on the Linux clients - winbind is just insane!
>> And if I set this to primaryGroupID, will it be used for file creation
>> via CIFS?
> Not entirely sure, but you do not need to change the primaryGroupID, you
> can get CIFS to use the Unix group you created, Kerberos again!!
Kerberos determines the default group in CIFS access? You make me curious.
I changed primaryGroupID, restarted Samba on my NAS et voilà, winbind
mapped the primary gid to my group and CIFS creates them right.
That's a good result for tonight ...
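
Added example, not part of the original message: a Python sketch of the point above that a group's RID is the last component of its SID, which is the value primaryGroupID holds. It decodes a binary objectSid as returned by LDAP and rebuilds the primary group's full SID from a user SID plus primaryGroupID. The domain SID, the RIDs 1104 and 1105, and all function names are constructed for illustration.

```python
import struct

def sid_to_str(raw: bytes) -> str:
    """Decode a binary objectSid into its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    # Identifier authority: 6 bytes, big-endian.
    authority = int.from_bytes(raw[2:8], "big")
    # Sub-authorities: 32-bit little-endian; the last one is the RID.
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def rid_of(sid: str) -> int:
    """The RID is the final set of numbers of the SID."""
    return int(sid.rsplit("-", 1)[1])

def primary_group_sid(user_sid: str, primary_group_id: int) -> str:
    """primaryGroupID stores only a RID, resolved in the user's own domain."""
    domain_sid = user_sid.rsplit("-", 1)[0]
    return "%s-%d" % (domain_sid, primary_group_id)

# Constructed sample: binary objectSid of a hypothetical group with RID 1105.
SAMPLE_GROUP_SID = (
    bytes([1, 5])
    + (5).to_bytes(6, "big")
    + struct.pack("<5I", 21, 1111111111, 2222222222, 3333333333, 1105)
)
# Constructed sample: string SID of a hypothetical user in the same domain.
SAMPLE_USER_SID = "S-1-5-21-1111111111-2222222222-3333333333-1104"

if __name__ == "__main__":
    group_sid = sid_to_str(SAMPLE_GROUP_SID)
    print("group SID:", group_sid)
    print("value for primaryGroupID:", rid_of(group_sid))
    # Default case from the thread: primaryGroupID 513 ("Domain Users").
    print("default primary group:", primary_group_sid(SAMPLE_USER_SID, 513))
    print("after the change:", primary_group_sid(SAMPLE_USER_SID, rid_of(group_sid)))
```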