[Samba] Samba 4.1. creates group rights for not existing group.

Rowland Penny rowlandpenny241155 at gmail.com
Mon Nov 16 12:57:02 UTC 2015

On 16/11/15 12:53, Michael Adam wrote:
> On 2015-11-16 at 11:14 +0000, Rowland Penny wrote:
>> On 16/11/15 10:11, Alex Sviridov wrote:
>>> I use Samba 4.1 as a DC with ACL. I have a user with uid 3000023. However, I don't have a group with guid 3000023. However, when this user creates a folder, Samba creates permissions in the ACL list for group 3000023, and as a result I have a broken link. How do I fix it?
>> Hi, allow me to introduce you to the concept of a user being also a group
>> and vice versa. If you examine idmap.ldb:
>> ldbedit -e nano -H /usr/local/samba/private/idmap.ldb
>> You will find lines like this:
>> type: ID_TYPE_BOTH
>> This means that your user can be both a user and a group.
>> It has to be like this so that the 'Administrators' group can own
>> directories and files in sysvol.
> Very true.
> This can't be over-emphasized, since it seems
> to puzzle people: This is by design.
> And regarding non-existence of that group:
> If you do the supported thing, namely put
> winbind into /etc/nsswitch.conf, then this
> group exists. :-)
> Cheers - Michael

er, when did it become supported to put winbind into /etc/nsswitch.conf 
on a DC?
You only need to do this if you actually need to log into the DC and 
this is not recommended on the wiki.
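
The ID_TYPE_BOTH mapping discussed in this thread can be checked against a directory's ACL, shown here as an added example that is not part of the original messages. It assumes idmap.ldb has been exported to LDIF text (for instance with ldbsearch) and the ACL listed numerically with `getfacl -n`; the records, SIDs, ACL lines and function names are constructed for illustration.

```python
# Added example. All records, SIDs and ACL lines below are constructed.
IDMAP_LDIF = """\
dn: CN=S-1-5-32-544
objectSid: S-1-5-32-544
type: ID_TYPE_BOTH
xidNumber: 3000000

dn: CN=S-1-5-21-1111111111-2222222222-3333333333-1105
objectSid: S-1-5-21-1111111111-2222222222-3333333333-1105
type: ID_TYPE_BOTH
xidNumber: 3000023
"""

GETFACL_N = """\
user::rwx
user:3000023:rwx
group::r-x
group:3000023:rwx
group:3000099:r-x
other::---
default:group:3000023:rwx
"""

def parse_idmap(ldif):
    """Return {xidNumber: (SID, type)} from LDIF text."""
    table = {}
    for record in ldif.strip().split("\n\n"):
        attrs = {}
        for line in record.splitlines():
            key, sep, value = line.partition(": ")
            if sep and not key.startswith("#"):
                attrs[key] = value.strip()
        if "xidNumber" in attrs and "type" in attrs:
            table[int(attrs["xidNumber"])] = (attrs.get("objectSid"), attrs["type"])
    return table

def classify_acl_groups(getfacl_text, idmap):
    """Return {gid: idmap type or None} for numeric named-group ACL entries."""
    found = {}
    for line in getfacl_text.splitlines():
        if line.startswith("default:"):
            line = line[len("default:"):]  # default entries carry an extra prefix
        kind, _, rest = line.partition(":")
        gid = rest.partition(":")[0]
        if kind == "group" and gid.isdigit():
            found[int(gid)] = idmap.get(int(gid), (None, None))[1]
    return found
```

A gid reported as ID_TYPE_BOTH is the by-design case described above; a gid that maps to None has no idmap record and is the one worth investigating.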

