[Samba] winbind rfc2307 - wbinfo -i fails
Brian Candler
b.candler at pobox.com
Fri Dec 9 17:54:17 UTC 2016
On 08/12/2016 13:44, Oliver Heinz wrote:
> So I gave Domain Users 99999 and voilĂ :
>
> root at m1:~# wbinfo -i SAMDOM\\demo01
> SAMDOM\demo01:*:10000:99999:demo01:/home/demo01:/bin/bash
>
> Seems samba always uses the primaryGroupID which for demo01 is set to
> 'Domain Users'. Im just wondering a bit then why there is a gidNumber
> as an user attribute, as it is not used in the posix context.
I asked the same question recently:
https://lists.samba.org/archive/samba/2016-November/204786.html
https://lists.samba.org/archive/samba/2016-November/204810.html
The answer is that Samba's own winbind doesn't use the user's gidNumber,
but other consumers of Active Directory may - including RedHat's sssd-ad.
=> In the case of winbind, the user entry's gidNumber is ignored. The
user's gid is taken from the user's primary Windows group (which *must*
have a gidNumber, otherwise the user is entirely ignored by winbind)
=> In the case of sssd-ad, the user entry must have a uidNumber and
gidNumber, and that's all. There doesn't even have to be any group with
a corresponding gidNumber. The Windows primary group is ignored.
HTH,
Brian.
More information about the samba
mailing list