[Samba] Wither "uidNumber" and "gidNumber"? (was: Re: ldbedit: no matching records - cannot edit (newly-created user))

Jim Seymour jseymour at LinxNet.com
Tue Sep 15 11:14:15 UTC 2015

On Tue, 15 Sep 2015 10:36:10 +0200
mathias dufresne <infractory at gmail.com> wrote:

> Hi Jim,
> First I apologize: I did not re-read everything.

No problem and thanks for taking the time to follow-up.

> Do you use winbind in /etc/nsswitch.conf?


> As far as I have understood winbind is not configurable for AD
> attributes used to build users for Linux systems, so your users will
> have a primary group set to primaryGroupID.

That would appear to be so.  And, in fact: I actually tried to change
my test user's primaryGroupID to another, and ldbedit responded with
"Unwilling to perform."

> This is not really an issue on DC: users are not supposed to
> connected on DC, no files should be created - except from your admins
> - and so no incoherencies (in files ownership) should happen.

*sigh* This is typical of Microsoft Windows thinking: "A thing cannot do
more than one thing or it'll fall over."  But this *isn't* an MS-Windows
server and it *can* do more than one thing at a time.

If I can't work around this, somehow, it'll be a show-stopper and
Samba4 AD will have to go.  A shame, that would be, as it was looking so
positive before this.

> Now to answer to last mail from Rowland, primary group is important
> in UNIX world as this group is mainly used give group ownership of
> newly created files and folders.

Unless, of course, over-ridden by SGID, through one-or-another means.

Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.

More information about the samba mailing list