[Samba] Different primary group between 4.5.x and 4.6.x

Rowland Penny rpenny at samba.org
Fri May 26 15:03:19 UTC 2017


On Fri, 26 May 2017 15:50:04 +0200
aluno3--- via samba <samba at lists.samba.org> wrote:

> 
> Is there possibility to not set "Unix
> Attributes" and have the same behavior as in 4.5?

I do not know, you may have found a bug

If I run 'id guest' on a Samba 4.6.x DC, I get this:

uid=3000002(SAMDOM\guest) gid=10000(SAMDOM\domain users)
groups=10000(SAMDOM\domain
users),3000002(SAMDOM\guest),3000003(SAMDOM\domain
guests),3000006(BUILTIN\guests),3000001(BUILTIN\users)

The 'uid' is correct, but, like you, the gid is set to 'Domain Users'
even though the 'guest' users  primaryGroupID is '514' which is 'Domain
Guests'

> 
> Also in "winbind changes" section in release notes we can read:
> 
> "This means that "id <username>" without the user having logged in
> previously stops showing any supplementary groups. Also, it will show
> "DOMAIN\Domain Users" as the primary group. Once the user has logged
> in, "id <username>" will correctly show the primary group and
> supplementary group list. "
> 
> also
> 
> "The winbind change to simplify the calculation of supplementary
> groups to make it more reliable and predictable has been deferred to
> 4.7 or later.
> 
> This means that 'id <username>' without the user having logged in
> previously works similar to 4.5."
> 
> but in spite of I logged to share using guest user, "id <username>"
> shows the same result.
> 
> 

If I run 'id guest' on a Unix domain member, I get:

id: guest: no such user

Have you given 'Guest' a uidNumber and/or gidNumber attribute ?

I do not think that you should be able to log in as 'Guest', this is
Windows version of the Unix user 'nobody' and you cannot log in as
'nobody'

Rowland





More information about the samba mailing list