[Samba] (Samba 4.2.2) wbinfo -i does not get the (correct) unix primary group gid

Frank Grantz frankgrantz at gmx.de
Fri Jun 19 06:12:36 MDT 2015 

Hi Rowland,

> Gesendet: Freitag, 19. Juni 2015 um 13:52 Uhr
> Von: "Rowland Penny" <rowlandpenny at googlemail.com>
> An: samba at lists.samba.org
> Betreff: Re: [Samba] (Samba 4.2.2) wbinfo -i does not get the (correct) unix primary group gid
>
> On 19/06/15 12:26, Frank Grantz wrote:
> > Hi Rowland,
> >
> >> Gesendet: Freitag, 19. Juni 2015 um 12:22 Uhr
> >> Von: "Rowland Penny" <rowlandpenny at googlemail.com>
> >> An: samba at lists.samba.org
> >> Betreff: Re: [Samba] (Samba 4.2.2) wbinfo -i does not get the (correct) unix primary group gid
> >>
> >>>    
> >> OK, I now have a VM running Centos 7 with Sernet-Samba 4.2.2, this is
> >> setup just like I would setup a Debian client and it works, 'wbinfo -i
> >> rowland' returns nearly the same result as on a Debian client i.e.
> >> Centos returns the Display Name as well.
> >>
> >> Centos:
> >> wbinfo -i rowland
> >> rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
> >>
> >> Debian:
> >> wbinfo -i rowland
> >> rowland:*:10000:10000::/home/rowland:/bin/bash
> >>
> >> 'id rowland' doesn't work on Centos, but I am sure that is only because
> >> I haven't yet setup PAM.
> >>
> >> So, we need to know just how you installed samba, what packages have you
> >> installed ?
> >>
> > Sernet-Samba 4.2.2 on CentOS7 here, too. The other machine is Sernet-Samba 3.3.15 on CentOS 5.10.
> >
> > In your AD setup: what is gidNumber and primaryGroupID for user rowland?
> >
> > regards
> >
> > Frank
> >
> 
> OK, this my object in AD with the relevant attributes:
> 
> dn: CN=Rowland Penny,CN=Users,DC=example,DC=com
> primaryGroupID: 513
> uid: rowland
> msSFU30Name: rowland
> msSFU30NisDomain: example
> uidNumber: 10000
> gidNumber: 10000
> loginShell: /bin/bash
> unixUserPassword: ABCD!efgh12345$67890
> unixHomeDirectory: /home/rowland
> 
> And this is the 'Domain Users' object:
> 
> dn: CN=Domain Users,CN=Users,DC=example,DC=com
> msSFU30NisDomain: example
> msSFU30Name: Domain Users
> gidNumber: 10000
> 
> With AD, all users are automatically members of 'Domain Users' even 
> though they do not show as members in the 'Domain Users' object. If you 
> change a users 'primaryGroupID' from 513 to the RID of another group, 
> you must add the user to the 'Domain Users' group as a member, it breaks 
> things if you don't :-)
> 
> What you need to get your head around is:
> RID = windows user or group
> uidNumber = Unix user
> gidNumber = Unix group
> gidNumber in users object = users Unix primary group, not to be confused 
> with the 'primaryGroupID' attribute
> 
> Rowland
> 

In your setup  CN=Rowland Penny has  gidNumber: 10000 - which is coincidentally the same gidNumber that CN=Domain Users has.

If you change one of these numbers you will get different results with different versions of wbinfo. The question to me is: Do i have to change groups in my AD or will wbinfo/winbind change in a way that i will behave like the old version in this point again.

regards

Frank

More information about the samba mailing list