[Samba] (Samba 4.2.2) wbinfo -i does not get the (correct) unix primary group gid

Rowland Penny rowlandpenny at googlemail.com
Fri Jun 19 05:52:33 MDT 2015


On 19/06/15 12:26, Frank Grantz wrote:
> Hi Rowland,
>
>> Sent: Friday, 19 June 2015 at 12:22
>> From: "Rowland Penny" <rowlandpenny at googlemail.com>
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] (Samba 4.2.2) wbinfo -i does not get the (correct) unix primary group gid
>>
>>>    
>> OK, I now have a VM running Centos 7 with Sernet-Samba 4.2.2, this is
>> set up just like I would set up a Debian client and it works, 'wbinfo -i
>> rowland' returns nearly the same result as on a Debian client i.e.
>> Centos returns the Display Name as well.
>>
>> Centos:
>> wbinfo -i rowland
>> rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
>>
>> Debian:
>> wbinfo -i rowland
>> rowland:*:10000:10000::/home/rowland:/bin/bash
>>
>> 'id rowland' doesn't work on Centos, but I am sure that is only because
>> I haven't yet set up PAM.
>>
>> So, we need to know just how you installed samba, what packages have you
>> installed ?
>>
> Sernet-Samba 4.2.2 on CentOS7 here, too. The other machine is Sernet-Samba 3.3.15 on CentOS 5.10.
>
> In your AD setup: what is gidNumber and primaryGroupID for user rowland?
>
> regards
>
> Frank
>

OK, this is my object in AD with the relevant attributes:

dn: CN=Rowland Penny,CN=Users,DC=example,DC=com
primaryGroupID: 513
uid: rowland
msSFU30Name: rowland
msSFU30NisDomain: example
uidNumber: 10000
gidNumber: 10000
loginShell: /bin/bash
unixUserPassword: ABCD!efgh12345$67890
unixHomeDirectory: /home/rowland

And this is the 'Domain Users' object:

dn: CN=Domain Users,CN=Users,DC=example,DC=com
msSFU30NisDomain: example
msSFU30Name: Domain Users
gidNumber: 10000

With AD, all users are automatically members of 'Domain Users' even 
though they do not show as members in the 'Domain Users' object. If you 
change a user's 'primaryGroupID' from 513 to the RID of another group, 
you must add the user to the 'Domain Users' group as a member, it breaks 
things if you don't :-)

What you need to get your head around is:
RID = windows user or group
uidNumber = Unix user
gidNumber = Unix group
gidNumber in user's object = user's Unix primary group, not to be confused 
with the 'primaryGroupID' attribute

Rowland
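
The attribute relationship described in this message can be checked mechanically. The following is an added example, not part of the original post or of Samba: it parses LDIF and a 'wbinfo -i' line and reports where the Unix primary group is inconsistent. The sample data is constructed from the values quoted above, the function names are hypothetical, and treating an entry without uidNumber as a group is an assumption.

```python
# Added example: sample data constructed from the attribute values in the post.
SAMPLE_LDIF = """\
dn: CN=Rowland Penny,CN=Users,DC=example,DC=com
primaryGroupID: 513
uid: rowland
uidNumber: 10000
gidNumber: 10000

dn: CN=Domain Users,CN=Users,DC=example,DC=com
gidNumber: 10000
"""
SAMPLE_WBINFO = "rowland:*:10000:10000::/home/rowland:/bin/bash"


def parse_ldif(text):
    """Parse simple LDIF (no folded or base64 lines) into a list of dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                entry[key] = value.strip()
        if entry:
            entries.append(entry)
    return entries


def check_primary_group(entries, uid, wbinfo_line):
    """Return a list of problems with the Unix primary group of user `uid`."""
    user = next((e for e in entries if e.get("uid") == uid), None)
    if user is None:
        return [f"no entry with uid={uid}"]
    problems = []
    gid = user.get("gidNumber")
    # Assumption: an entry without uidNumber that has a gidNumber is a group.
    groups = [e for e in entries if "uidNumber" not in e and "gidNumber" in e]
    if gid is None:
        problems.append("user has no gidNumber (Unix primary group unset)")
    elif not any(g["gidNumber"] == gid for g in groups):
        problems.append(f"no group object has gidNumber {gid}")
    # wbinfo -i prints a passwd-style line: name:pw:uid:gid:gecos:home:shell
    fields = wbinfo_line.strip().split(":")
    if len(fields) != 7:
        problems.append("wbinfo output is not a 7-field passwd line")
    else:
        if fields[2] != user.get("uidNumber"):
            problems.append(f"wbinfo uid {fields[2]} != uidNumber")
        if fields[3] != gid:
            problems.append(f"wbinfo gid {fields[3]} != gidNumber {gid}")
    return problems
```

An empty list means the gid reported by wbinfo, the user's gidNumber and a group's gidNumber all agree; primaryGroupID is deliberately not compared, since it is a RID and not a Unix gid.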


