[Samba] domain users "primary group" does not take effect in UNIX attributes (NIS)

Lars Hanke debian at lhanke.de
Thu Oct 30 14:33:21 MDT 2014


Hi Mirco,

ADUC wrecked some of my users. Apparently it does not exactly comply
with RFC2307. Try something like:

ldapsearch -b "dc=samdom,dc=example,dc=com" -H ldap://localhost \
  -D "cn=Administrator,cn=Users,dc=samdom,dc=example,dc=com" -W -x \
  '(sAMAccountName=johndoe)'

to figure out what exactly is in LDAP.

Regards,
  - lars.

On 30.10.2014 01:17, Mirco MEGAS wrote:
> Hello list,
>
> using AD with rfc2307 provisioned and NIS extensions are available. In ADUC tool I choose the group "Domain Admins" and click on the [UNIX Attributes] tab. I activate it for my domain and choose the GID=500. When I execute on my member server "net cache flush && getent group 500" I get the result
>
> domain admins:x:500:johndoe,name1,name2
>
> So far so good, that means that domain group is available on the member server. Here's an output of "getent passwd"...
> [...]
> johndoe:*:500:40000:John Doe:/home/MYDOM/johndoe:/bin/bash
> [...]
>
> Looks correct, the user "johndoe" has uid=500 and gid=40000. The gid 40000 is "domain users".
>
> Now I want to change some UNIX attributes of that particular user. I open the ADUC tool, choose that user "johndoe", click on the [UNIX Attributes] tab and make the following changes there:
>
> shell=/bin/false
> home=/srv/some/thing/else
> Primary Group=Domain Admins
>
> Then I apply these settings and on the member server I do a restart of the winbind service and check the results of "getent passwd" ...
> [...]
> johndoe:*:500:40000:John Doe:/srv/some/thing/else:/bin/false
> [...]
>
> The shell and home were applied correctly, but why doesn't the "primary group" take effect? I would expect a line like that...
> johndoe:*:500:500:John Doe:/srv/some/thing/else:/bin/false
>
> I have tried with other groups too, but without success. Whatever I choose as "primary group" for a user in the [UNIX Attributes] tab, it does *not take effect*. Is this a known bug?
>
> Cheers,
> Mirco
>
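
Added example, not part of the original messages: one way to carry out the check suggested in the reply, comparing the RFC2307 attributes in ldapsearch LDIF output with the entry that getent passwd returns. The function names and the sample LDIF are constructed for illustration; the sample values mirror the ones quoted in the thread.

```shell
# Print the value of one attribute from LDIF text on stdin.
# Handles plain "attr: value" lines only (no base64 "attr:: " values and
# no folded continuation lines), which is enough for numeric IDs and paths.
ldif_attr() {
    awk -v a="$1" '
        BEGIN { a = tolower(a) ": " }
        tolower(substr($0, 1, length(a))) == a { print substr($0, length(a) + 1); exit }'
}

# compare_unix_attrs LDIF PASSWD_LINE
# Prints one line per field: "<attr> ok" or "<attr> MISMATCH ldap=... nss=...".
# Returns 0 if every field agrees, 1 otherwise.
compare_unix_attrs() {
    ldif=$1 pw=$2 rc=0
    # Pairs of: AD RFC2307 attribute name, passwd(5) field number.
    set -- uidNumber 3 gidNumber 4 unixHomeDirectory 6 loginShell 7
    while [ $# -gt 0 ]; do
        ldap_val=$(printf '%s\n' "$ldif" | ldif_attr "$1")
        nss_val=$(printf '%s\n' "$pw" | cut -d: -f"$2")
        if [ "$ldap_val" = "$nss_val" ]; then
            echo "$1 ok"
        else
            echo "$1 MISMATCH ldap=${ldap_val:-<unset>} nss=$nss_val"
            rc=1
        fi
        shift 2
    done
    return $rc
}

# Constructed sample: what ldapsearch might return for the user after the
# ADUC change, and the passwd line the member server still reports.
SAMPLE_LDIF='dn: CN=John Doe,CN=Users,DC=samdom,DC=example,DC=com
sAMAccountName: johndoe
uidNumber: 500
gidNumber: 500
unixHomeDirectory: /srv/some/thing/else
loginShell: /bin/false'
SAMPLE_PASSWD='johndoe:*:500:40000:John Doe:/srv/some/thing/else:/bin/false'

# Real use: compare_unix_attrs "$(ldapsearch -LLL ...)" "$(getent passwd johndoe)"
compare_unix_attrs "$SAMPLE_LDIF" "$SAMPLE_PASSWD" || true
```

A mismatch on gidNumber alone, as in the sample, shows that the directory holds the new value and the difference arises on the member server side rather than in what ADUC wrote.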


