[Samba] domain users "primary group" does not take effect in UNIX attributes (NIS)

Lars Hanke debian at lhanke.de
Thu Oct 30 17:33:03 MDT 2014

Am 30.10.2014 22:02, schrieb Marc Muehlfeld:
> Hello Mirco,
> Am 30.10.2014 um 01:17 schrieb ?icro MEGAS:
>> The shell and home were applied correctly, but why doesn't the
>> "primary group" take effect ??? I would expect a line like that...
>> johndoe:*:500:500:John Doe:/srv/some/thing/else:/bin/false
> Because getent takes the value of 'primaryGroupID' and not 'gidNumber'!
> gidNumber: This is the attribute behind the 'Primary group name/GID'
> filed on the Unix Attributes tab.
> primaryGroupID: This is the Windows primary group of an user account. To
> change this, go to the 'MemberOf' tab in ADUC, add the 'Domain Admins'
> group, mark it in the list and then click the button 'set primary
> group". See http://technet.microsoft.com/en-us/library/cc771489.aspx

primaryGroupID has the RID of the primary group, which is not 
immediately related to its gid. Winbind interprets this correctly. 
libnss-ldap(d) ignores it and uses gidNumber instead.

  - lars.

More information about the samba mailing list