[Samba] chgrp "Domain Admins" on folder return invalid group "Domain Admins"
Rowland penny
rpenny at samba.org
Tue Apr 5 13:52:17 UTC 2016
On 05/04/16 14:32, Jules Houantonon wrote:
> Thank you Rowland for your mail.
>
> My aim is to create a fileserver with samba4 and with ACL support.
> Users must log on through their Windows that are in the domain to
> access their shares.
>
> The Samba how-to and your explanations opened my eyes on the
> interaction between samba users and groups with the Linux OS.
>
> From ADUC, I assign a Unix Attribute to a user account, and
> automatically it is given 10000 as its UID; the getent command still
> does not display it.

The next one should get 10001.
>
> So in my plan, users should only exist in active directory. Does that
> mean that getent can still display user or group information that will
> only exist in AD ?
>
getent will display users known to the underlying OS; this is done by
specifying what methods to use in /etc/nsswitch.conf. For users, there
is a line that starts 'passwd'; this normally contains 'compat' or
'files' and will mean 'getent passwd auser' will return the user's info
found in the file /etc/passwd. If you want to use a different method
to get a user's info, you would add it after 'compat' or 'files',
i.e. to use winbind: 'passwd compat winbind'. This would mean that when
you run 'getent passwd auser', the user would be found by first
searching in /etc/passwd (this is why you cannot have users in
/etc/passwd & AD) and then by asking winbind. On a DC, winbind would
assign an xidNumber and then store it in idmap.ldb *or* you can give
each user a 'uidNumber' and then this will be used instead; the only
problem is that the old xidNumber will take precedence for a time, but
you can short circuit this by running:

    net cache flush

> Sorry if I am missing something.
>
> Thank you
>
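
The lookup order described in the reply above, as an added example that is not part of the original message: it walks the 'passwd' sources from nsswitch.conf in order and lists AD users that a same-named /etc/passwd entry would hide from getent. The sample files, the WINBIND_USERS table standing in for winbind, and all function names are constructed for illustration; 'compat' is treated like 'files' and bracketed actions are ignored.

```python
import re

# Constructed sample inputs (not from the original post).
NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
passwd:  compat winbind
group:   compat winbind
shadow:  compat
"""
ETC_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
auser:x:1001:1001:local copy:/home/auser:/bin/bash
"""
# Stand-in for what winbind would return for AD users (name -> uidNumber).
WINBIND_USERS = {"auser": 10000, "buser": 10001}

def nss_sources(conf, database="passwd"):
    """Return the ordered lookup sources for one nsswitch.conf database."""
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            # Drop action items such as [NOTFOUND=return]; only order matters here.
            spec = re.sub(r"\[[^\]]*\]", " ", line.split(":", 1)[1])
            return spec.split()
    return []

def local_users(passwd_text):
    """Map user name -> uid from /etc/passwd-format text."""
    users = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            users[fields[0]] = int(fields[2])
    return users

def resolve(name, sources, local, winbind):
    """Walk the sources in order, as a getent lookup does; first hit wins."""
    backends = {"compat": local, "files": local, "winbind": winbind}
    for src in sources:
        if name in backends.get(src, {}):
            return src, backends[src][name]
    return None

def shadowed(sources, local, winbind):
    """AD user names hidden by a local entry that is consulted before winbind."""
    first_local = min((sources.index(s) for s in ("compat", "files") if s in sources), default=None)
    if "winbind" not in sources or first_local is None or first_local > sources.index("winbind"):
        return []
    return sorted(set(local) & set(winbind))
```

With the constructed data, 'auser' resolves from /etc/passwd with UID 1001 instead of the AD uidNumber 10000, which is the collision the reply warns about.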