[Samba] Samba 4.1. creates group rights for not existing group.

Michael Adam obnox at samba.org
Mon Nov 16 12:53:11 UTC 2015

On 2015-11-16 at 11:14 +0000, Rowland Penny wrote:
> On 16/11/15 10:11, Alex Sviridov wrote:
> > I use samba 4.1 as dc with acl. I have a user with uid 3000023. However, I don't have a group with guid 3000023. However, when this user creates a folder, samba creates permissions for group 3000023 in the acl list and as a result I have a broken link. How to fix it?
> >
> >
> Hi, allow me to introduce you to the concept of a user being also a group
> and vice versa. If you examine idmap.ldb:
> ldbedit -e nano -H /usr/local/samba/private/idmap.ldb
> You will find lines like this:
> type: ID_TYPE_BOTH
> This means that your user can be both a user and a group.
> It has to be like this so that the 'Administrators' group can own
> directories and files in sysvol.

Very true.
This can't be over-emphasized, since it seems
to puzzle people: This is by design.

And regarding non-existence of that group:

If you do the supported thing, namely put
winbind into /etc/nsswitch.conf, then this
group exists. :-)

Cheers - Michael
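
The two checks discussed in this thread, as an added example that is not part of the original messages and not Samba project code: it looks up a numeric id in idmap.ldb-style records and checks whether the NSS group database uses winbind. The sample records, the placeholder SIDs, the function names, and the attribute names other than "type" are assumptions.

```shell
#!/bin/sh
# Constructed sample in the shape of `ldbsearch -H idmap.ldb` output.
# The SIDs are placeholders; xidNumber/objectClass are assumed attribute names.
SAMPLE_IDMAP='dn: CN=S-1-5-21-1111-2222-3333-1104
objectClass: sidMap
type: ID_TYPE_BOTH
xidNumber: 3000023

dn: CN=S-1-5-21-1111-2222-3333-1105
objectClass: sidMap
type: ID_TYPE_UID
xidNumber: 3000024
'
# Constructed nsswitch.conf contents, without and with winbind.
NSS_WITHOUT='passwd: files
group:  files'
NSS_WITH='passwd: files winbind
group:  files winbind  # resolve AD ids'

# Print the idmap type recorded for a numeric id (prints nothing if unmapped).
xid_type() {  # $1 = LDIF text, $2 = numeric id
    printf '%s\n' "$1" | awk -v want="$2" '
        /^type:/      { kind = $2 }
        /^xidNumber:/ { xid = $2 }
        /^$/          { if (xid == want) print kind; kind = ""; xid = "" }
        END           { if (xid == want) print kind }'
}

# Succeed if the given NSS database (passwd or group) lists winbind.
nss_uses_winbind() {  # $1 = nsswitch.conf text, $2 = database name
    printf '%s\n' "$1" | awk -v db="$2" '
        { sub(/#.*/, "") }
        $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit !found }'
}

# Classify a numeric group entry seen in an ACL.
explain_gid() {  # $1 = LDIF text, $2 = nsswitch.conf text, $3 = gid
    kind=$(xid_type "$1" "$3")
    case "$kind" in
        ID_TYPE_BOTH|ID_TYPE_GID) ;;
        *) echo "no-group-mapping"; return ;;
    esac
    if nss_uses_winbind "$2" group; then echo "resolvable"
    else echo "mapped-but-unresolved"; fi
}

explain_gid "$SAMPLE_IDMAP" "$NSS_WITHOUT" 3000023   # the situation in the thread
explain_gid "$SAMPLE_IDMAP" "$NSS_WITH" 3000023      # after adding winbind
```

On a DC the first two arguments would be the ldbsearch output for /usr/local/samba/private/idmap.ldb and the contents of /etc/nsswitch.conf.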