[Samba] Wither "uidNumber" and "gidNumber"? (was: Re: ldbedit: no matching records - cannot edit (newly-created user))
Guilherme Boing
kolt+samba at frag.com.br
Tue Sep 15 11:22:09 UTC 2015
I would recommend doing what mathias said so... that is what I am doing,
but instead of sssd, I am using nslcd.
The only server that the AD users can't connect is the DC itself, because
the DC runs winbind. Every other server on the network is running nslcd and
everyone with UNIX Attributes are properly configurated to login with their
correct gid.
On Tue, Sep 15, 2015 at 8:14 AM, Jim Seymour <jseymour at linxnet.com> wrote:
> On Tue, 15 Sep 2015 10:36:10 +0200
> mathias dufresne <infractory at gmail.com> wrote:
>
> > Hi Jim,
> >
> > First I apologize: I did not re-read everything.
>
> No problem and thanks for taking the time to follow-up.
>
> >
> > Do you use winbind in /etc/nsswitch.conf?
> [snip]
>
> Yes.
>
> >
> > As far as I have understood winbind is not configurable for AD
> > attributes used to build users for Linux systems, so your users will
> > have a primary group set to primaryGroupID.
>
> That would appear to be so. And, in fact: I actually tried to change
> my test user's primaryGroupID to another, and ldbedit responded with
> "Unwilling to perform."
>
> >
> > This is not really an issue on DC: users are not supposed to
> > connected on DC, no files should be created - except from your admins
> > - and so no incoherencies (in files ownership) should happen.
>
> *sigh* This is typical of Microsoft Windows thinking: "A thing cannot do
> more than one thing or it'll fall over." But this *isn't* an MS-Windows
> server and it *can* do more than one thing at a time.
>
> If I can't work around this, somehow, it'll be a show-stopper and
> Samba4 AD will have to go. A shame, that would be, as it was looking so
> positive before this.
>
> >
> [snip]
> >
> > Now to answer to last mail from Rowland, primary group is important
> > in UNIX world as this group is mainly used give group ownership of
> > newly created files and folders.
> [snip]
>
> Unless, of course, over-ridden by SGID, through one-or-another means.
>
> Regards,
> Jim
> --
> Note: My mail server employs *very* aggressive anti-spam
> filtering. If you reply to this email and your email is
> rejected, please accept my apologies and let me know via my
> web form at <http://jimsun.LinxNet.com/contact/scform.php>.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list