[Samba] domain users "primary group" does not take effect in UNIX attributes (NIS)
?icro MEGAS
micromegas at mail333.com
Wed Oct 29 18:17:38 MDT 2014
Hello list,
using AD with rfc2307 provisioned and NIS extensions are available. In ADUC tool I choose the group "Domain Admins" and click on the [UNIX Attributes] tab. I activate it for my domain and choose the GID=500. When I execute on my member server "net cache flush && getent group 500" I get the result
domain admins:x:500:johndoe,name1,name2
So far so good, that means that domain group is available on the member server. Here's an output of "getent passwd"...
[...]
johndoe:*:500:40000:John Doe:/home/MYDOM/johndoe:/bin/bash
[...]
Looks correct, the user "johndoe" has uid=500 and gid=40000. The gid 40000 is "domain users".
Now I want to change some UNIX attributes of that particular user. I open ADUC tool, choose that user "johndoe", click on the [UNIX Attributes] tab and make following changes there:
shell=/bin/false
home=/srv/some/thing/else
Primary Group=Domain Admins
Then I apply these settings and on the member server I do a restart of the winbind service and check the results of "getent passwd" ...
[...]
johndoe:*:500:40000:John Doe:/srv/some/thing/else:/bin/false
[...]
The shell and home were applied correctly, but why doesn't the "primary group" take effect ??? I would expect a line like that...
johndoe:*:500:500:John Doe:/srv/some/thing/else:/bin/false
I have tried with other groups, too but without success. Whatever I do choose as "primary group" for a user in the [UNIX Attributes] tab, it does *not take effect*. Is this a known bug?
Cheers,
Mirco
More information about the samba
mailing list