[Samba] winbind rfc2307 - wbinfo -i fails

Brian Candler b.candler at pobox.com
Fri Dec 9 17:54:17 UTC 2016

On 08/12/2016 13:44, Oliver Heinz wrote:
> So I gave Domain Users 99999 and voilĂ :
> root at m1:~# wbinfo -i SAMDOM\\demo01
> SAMDOM\demo01:*:10000:99999:demo01:/home/demo01:/bin/bash
> Seems samba always uses the primaryGroupID which for demo01 is set to 
> 'Domain Users'. Im just wondering a bit then why there is a gidNumber 
> as an user attribute, as it is not used in the posix context. 

I asked the same question recently:


The answer is that Samba's own winbind doesn't use the user's gidNumber, 
but other consumers of Active Directory may - including RedHat's sssd-ad.

=> In the case of winbind, the user entry's gidNumber is ignored. The 
user's gid is taken from the user's primary Windows group (which *must* 
have a gidNumber, otherwise the user is entirely ignored by winbind)

=> In the case of sssd-ad, the user entry must have a uidNumber and 
gidNumber, and that's all. There doesn't even have to be any group with 
a corresponding gidNumber. The Windows primary group is ignored.



More information about the samba mailing list