[Samba] Wither "uidNumber" and "gidNumber"? (was: Re: ldbedit: no matching records - cannot edit (newly-created user))
jseymour at LinxNet.com
Tue Sep 15 11:14:15 UTC 2015
On Tue, 15 Sep 2015 10:36:10 +0200
mathias dufresne <infractory at gmail.com> wrote:
> Hi Jim,
> First I apologize: I did not re-read everything.
No problem and thanks for taking the time to follow-up.
> Do you use winbind in /etc/nsswitch.conf?
> As far as I have understood winbind is not configurable for AD
> attributes used to build users for Linux systems, so your users will
> have a primary group set to primaryGroupID.
That would appear to be so. And, in fact: I actually tried to change
my test user's primaryGroupID to another, and ldbedit responded with
"Unwilling to perform."
> This is not really an issue on DC: users are not supposed to
> connected on DC, no files should be created - except from your admins
> - and so no incoherencies (in files ownership) should happen.
*sigh* This is typical of Microsoft Windows thinking: "A thing cannot do
more than one thing or it'll fall over." But this *isn't* an MS-Windows
server and it *can* do more than one thing at a time.
If I can't work around this, somehow, it'll be a show-stopper and
Samba4 AD will have to go. A shame, that would be, as it was looking so
positive before this.
> Now to answer to last mail from Rowland, primary group is important
> in UNIX world as this group is mainly used give group ownership of
> newly created files and folders.
Unless, of course, over-ridden by SGID, through one-or-another means.
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.
More information about the samba