[Samba] Different primary group between 4.5.x and 4.6.x
aluno3 at poczta.onet.pl
aluno3 at poczta.onet.pl
Fri May 26 12:36:45 UTC 2017
I have upgraded Samba in my environment from 4.5.10 to 4.6.3 and
experienced issue with primary group for domain guest user:
With Samba 4.5.10 primary group for DEV2+guest was "DEV2+domain guests":
root at root:~# id DEV2+guest
uid=66037(DEV2+guest) gid=66050(DEV2+domain guests)
groups=66050(DEV2+domain guests)
With Samba 4.6.3 primary group for DEV2+guest is "DEV2+domain users":
root at root:~# id DEV2+guest
uid=66037(DEV2+guest) gid=66049(DEV2+domain users)
groups=66049(DEV2+domain users),66050(DEV2+domain guests)
Even though DEV2+guest does not belong to "DEV2+domain users" and wbinfo
also shows:
root at root:~# wbinfo --gid-info=66049|grep -i guest
root at root:~# wbinfo --gid-info=66050|grep -i guest
DEV2+domain guests:x:66050:DEV2+guest
so why with Samba 4.6.3 id or getent passwd shows that primary group for
my guest user is group which that user does not belong to.
I saw and checked new options for idmap config:
idmap config <DOMAIN> : unix_primary_group
idmap config <DOMAIN> : unix_nss_info
but if I set they to yes or not effect is the same.
I tested below configuration for idmap:
idmap config dev2 : unix_nss_info = no/yes
idmap config dev2 : unix_primary_group = no/yes
idmap config dev2 : range = 65536-19999999
idmap config dev2 : backend = rid
idmap config * : range = 20000000-39999999
idmap config * : backend = autorid
More information about the samba
mailing list