[Samba] Different primary group between 4.5.x and 4.6.x

aluno3 at poczta.onet.pl aluno3 at poczta.onet.pl
Fri May 26 12:36:45 UTC 2017

I have upgraded Samba in my environment from 4.5.10 to 4.6.3 and
experienced issue with primary group for domain guest user:

With Samba 4.5.10 primary group for DEV2+guest was "DEV2+domain guests":

root at root:~# id DEV2+guest
uid=66037(DEV2+guest) gid=66050(DEV2+domain guests)
groups=66050(DEV2+domain guests)

With Samba 4.6.3 primary group for DEV2+guest is "DEV2+domain users":

root at root:~# id DEV2+guest
uid=66037(DEV2+guest) gid=66049(DEV2+domain users)
groups=66049(DEV2+domain users),66050(DEV2+domain guests)

Even though DEV2+guest does not belong to "DEV2+domain users" and wbinfo
also shows:

root at root:~# wbinfo --gid-info=66049|grep -i guest
root at root:~# wbinfo --gid-info=66050|grep -i guest
DEV2+domain guests:x:66050:DEV2+guest

so why with Samba 4.6.3 id or getent passwd shows that primary group for
my guest user is group which that user does not belong to.

I saw and checked new options for idmap config:

idmap config <DOMAIN> : unix_primary_group
idmap config <DOMAIN> : unix_nss_info

but if I set they to yes or not effect is the same.

I tested below configuration for idmap:

idmap config dev2 : unix_nss_info = no/yes
idmap config dev2 : unix_primary_group = no/yes
idmap config dev2 : range = 65536-19999999
idmap config dev2 : backend = rid
idmap config * : range = 20000000-39999999
idmap config * : backend = autorid

More information about the samba mailing list