[Samba] Wither "uidNumber" and "gidNumber"? (was: Re: ldbedit: no matching records - cannot edit (newly-created user))

Guilherme Boing kolt+samba at frag.com.br
Mon Sep 14 16:36:31 UTC 2015 

Are you using nslcd by any chance ?

I had a simmilar "issue": http://www.spinics.net/lists/samba/msg127737.html
gentent was also showing 513 as the group id, because it was mapping
primaryGroupID as the group instead of gidNumber.

On Mon, Sep 14, 2015 at 1:32 PM, Jim Seymour <jseymour at linxnet.com> wrote:

> On Sun, 13 Sep 2015 18:33:33 +0100
> Rowland Penny <rowlandpenny241155 at gmail.com> wrote:
>
> > On 13/09/15 17:41, Jim Seymour wrote:
> > > On Sat, 12 Sep 2015 17:59:54 +0100
> > > Rowland Penny <rowlandpenny241155 at gmail.com> wrote:
> > >
> > > [snip]
> > >> To add the unix attributes to a user with the samaccountname of
> > >> user, you will need to find the users 'dn'
> > >>
> > >> ldbsearch -H /var/lib/samba/private/sam.ldb '(samaccountname=user)'
> > >> | grep 'dn'
> > >>
> > >> dn: CN=Test User,CN=Users,DC=example,DC=com
> > >>
> > >> OK, now you will need an ldif like this:
> > >>
> > > [snip]
> > >> -
> > >> add: gidNumber
> > >> gidNumber: 10000 # what ever gidNumber you gave to Domain Users
> > >> -
> > > [snip]
> > >
> > > Based on later comments, this would more accurately be:
> > >      -
> > >      add: gidNumber
> > >      gidNumber: 10000 # whatever Unix GID you gave to "Domain Users"
> > >                       # Actually: Can be whatever you want, but
> > > don't # change the primaryGroupID from the "Domain
> > >                       # Users" gid or Things Will Break
> > >      -
> > >
> > > Correct?
> > >
> > > Regards,
> > > Jim
> >
> > Yes, I set the users gidNumber to be the gidNumber of Domain Users,
> > but it could easily be the gidNumber of another group, just make sure
> > the group exists and contains the gidNumber you use.
>
> Setting gidNumber in the user's entry seems to have no effect:
>
>     The user:
>
>     dn: CN=someuser,CN=Users,DC=ad,DC=example,DC=com
>     objectClass: user
>     ...
>     gidNumber: 120
>     ...
>
>     The group:
>
>     dn: CN=users2,CN=Users,DC=ad,DC=example,DC=com
>     objectClass: group
>     cn: users2
>     name: users2
>     sAMAccountName: users2
>     gidNumber: 120
>
>     $ getent group users2
>     EXAMPLE\users2:*:120:
>
>     $ getent passwd someuser
>     EXAMPLE\someuser:*:6001:513::/home/%U:/bin/false
>
> And, indeed, things created by the user end up group 513.
>
> Regards,
> Jim
> --
> Note: My mail server employs *very* aggressive anti-spam
> filtering.  If you reply to this email and your email is
> rejected, please accept my apologies and let me know via my
> web form at <http://jimsun.LinxNet.com/contact/scform.php>.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list