[Samba] Different primary group between 4.5.x and 4.6.x

aluno3 at poczta.onet.pl aluno3 at poczta.onet.pl
Fri May 26 13:50:04 UTC 2017 

On 26.05.2017 15:31, Rowland Penny via samba wrote:
> On Fri, 26 May 2017 14:36:45 +0200
> aluno3--- via samba <samba at lists.samba.org> wrote:
> 
>> I have upgraded Samba in my environment from 4.5.10 to 4.6.3 and
>> experienced issue with primary group for domain guest user:
>>
>> With Samba 4.5.10 primary group for DEV2+guest was "DEV2+domain
>> guests":
>>
>> root at root:~# id DEV2+guest
>> uid=66037(DEV2+guest) gid=66050(DEV2+domain guests)
>> groups=66050(DEV2+domain guests)
>>
>>
>> With Samba 4.6.3 primary group for DEV2+guest is "DEV2+domain users":
>>
> 
> If you check the release notes for 4.6.0, you will find this:
> 
> winbind primary group and nss info
> ----------------------------------
> 
> With 4.6, it will be possible to optionally use the primary group as
> set in the "Unix Attributes" tab for the local unix token of a domain
> user.  Before 4.6, the Windows primary group was always chosen as
> primary group for the local unix token.
> 
> To activate the unix primary group, set
> 
> idmap config <DOMAIN> : unix_primary_group = yes
> 
> 
> I wonder if is possibly an artefact of the above change, because you
> seem to have possibly given 'Guest' a uidNumber.
> 
> Rowland
>  
> 

Is there possibility to not set "Unix
Attributes" and have the same behavior as in 4.5?

Also in "winbind changes" section in release notes we can read:

"This means that "id <username>" without the user having logged in
previously stops showing any supplementary groups. Also, it will show
"DOMAIN\Domain Users" as the primary group. Once the user has logged in,
"id <username>" will correctly show the primary group and supplementary
group list. "

also

"The winbind change to simplify the calculation of supplementary groups
to make it more reliable and predictable has been deferred to 4.7 or later.

This means that 'id <username>' without the user having logged in
previously works similar to 4.5."

but in spite of I logged to share using guest user, "id <username>"
shows the same result.

More information about the samba mailing list