[Samba] Samba 4.1. creates group rights for not existing group.

Rowland Penny rowlandpenny241155 at gmail.com
Mon Nov 16 12:57:02 UTC 2015


On 16/11/15 12:53, Michael Adam wrote:
> On 2015-11-16 at 11:14 +0000, Rowland Penny wrote:
>> On 16/11/15 10:11, Alex Sviridov wrote:
>>> I use samba 4.1 as dc with acl. I have a user with uid 3000023. However, I don't have a group with guid 3000023. However, when this user creates a folder, samba creates permissions in the acl list for group 3000023 and as a result I have a broken link. How to fix it?
>>>
>>>
>> Hi, allow me to introduce you to the concept of a user being also a group
>> and vice versa. If you examine idmap.ldb:
>>
>> ldbedit -e nano -H /usr/local/samba/private/idmap.ldb
>>
>> You will find lines like this:
>>
>> type: ID_TYPE_BOTH
>>
>> This means that your user can be both a user and a group
>>
>> It has to be like this so that the 'Administrators' group can own
>> directories and files in sysvol.
> Very true.
> This can't be over-emphasized, since it seems
> to puzzle people: This is by design.
>
> And regarding non-existence of that group:
>
> If you do the supported thing, namely put
> winbind into /etc/nsswitch.conf, then this
> group exists. :-)
>
> Cheers - Michael

er, when did it become supported to put winbind into /etc/nsswitch.conf 
on a DC?
You only need to do this if you actually need to log into the DC and 
this is not recommended on the wiki.

Rowland
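
The ID_TYPE_BOTH mapping discussed in this thread, as an added example that is not part of the original message or of Samba's own code: it cross-checks the numeric group entries of an ACL listing against idmap records to separate by-design entries from unexplained ones. The sample records, the SIDs, the `xidNumber` attribute name and both function names are assumptions constructed for illustration.

```python
import re

# Constructed, abridged sample of idmap.ldb records in LDIF form.
# Only "type: ID_TYPE_BOTH" is quoted in the thread; the rest is assumed.
SAMPLE_IDMAP = """\
cn: S-1-5-32-544
type: ID_TYPE_BOTH
xidNumber: 3000000

cn: S-1-5-21-1111-2222-3333-1105
type: ID_TYPE_BOTH
xidNumber: 3000023

cn: S-1-5-21-1111-2222-3333-513
type: ID_TYPE_GID
xidNumber: 100
"""

# Constructed sample: numeric getfacl-style output for a folder made by uid 3000023.
SAMPLE_ACL = """\
# owner: 3000023
# group: 100
user:3000023:rwx
group::r-x
group:3000023:rwx
group:3000999:r-x
"""

def parse_idmap(ldif):
    """Return {xid: (sid, type)} from blank-line-separated LDIF records."""
    table = {}
    for record in ldif.strip().split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in record.splitlines() if ": " in l)
        if "xidNumber" in attrs:
            table[int(attrs["xidNumber"])] = (attrs.get("cn"), attrs.get("type"))
    return table

def classify_acl_groups(acl_text, idmap):
    """Label each numeric group ACL entry by what the idmap records say about it."""
    result = {}
    for gid in map(int, re.findall(r"^group:(\d+):", acl_text, re.M)):
        sid, kind = idmap.get(gid, (None, None))
        if kind == "ID_TYPE_BOTH":
            result[gid] = f"by design: {sid} is mapped as both uid and gid"
        elif kind == "ID_TYPE_GID":
            result[gid] = f"group mapping for {sid}"
        else:
            result[gid] = "no group-capable idmap entry: investigate"
    return result
```
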


