[Samba] domain users "primary group" does not take effect in UNIX attributes (NIS)

?icro MEGAS micromegas at mail333.com
Wed Oct 29 18:17:38 MDT 2014

Hello list,

using AD with rfc2307 provisioned and NIS extensions are available. In ADUC tool I choose the group "Domain Admins" and click on the [UNIX Attributes] tab. I activate it for my domain and choose the GID=500. When I execute on my member server "net cache flush && getent group 500" I get the result

domain admins:x:500:johndoe,name1,name2

So far so good, that means that domain group is available on the member server. Here's an output of "getent passwd"...
johndoe:*:500:40000:John Doe:/home/MYDOM/johndoe:/bin/bash

Looks correct, the user "johndoe" has uid=500 and gid=40000. The gid 40000 is "domain users".

Now I want to change some UNIX attributes of that particular user. I open ADUC tool, choose that user "johndoe", click on the [UNIX Attributes] tab and make following changes there:

Primary Group=Domain Admins

Then I apply these settings and on the member server I do a restart of the winbind service and check the results of "getent passwd" ...
johndoe:*:500:40000:John Doe:/srv/some/thing/else:/bin/false

The shell and home were applied correctly, but why doesn't the "primary group" take effect ??? I would expect a line like that...
johndoe:*:500:500:John Doe:/srv/some/thing/else:/bin/false

I have tried with other groups, too but without success. Whatever I do choose as "primary group" for a user in the [UNIX Attributes] tab, it does *not take effect*. Is this a known bug?


More information about the samba mailing list