[Samba] Different primary group between 4.5.x and 4.6.x

aluno3 at poczta.onet.pl aluno3 at poczta.onet.pl
Mon May 29 06:40:07 UTC 2017 

On 26.05.2017 17:03, Rowland Penny via samba wrote:
> On Fri, 26 May 2017 15:50:04 +0200
> aluno3--- via samba <samba at lists.samba.org> wrote:
> 
>>
>> Is there possibility to not set "Unix
>> Attributes" and have the same behavior as in 4.5?
> 
> I do not know, you may have found a bug
> 
> If I run 'id guest' on a Samba 4.6.x DC, I get this:
> 
> uid=3000002(SAMDOM\guest) gid=10000(SAMDOM\domain users)
> groups=10000(SAMDOM\domain
> users),3000002(SAMDOM\guest),3000003(SAMDOM\domain
> guests),3000006(BUILTIN\guests),3000001(BUILTIN\users)
> 
> The 'uid' is correct, but, like you, the gid is set to 'Domain Users'
> even though the 'guest' users  primaryGroupID is '514' which is 'Domain
> Guests'
> 
>>
>> Also in "winbind changes" section in release notes we can read:
>>
>> "This means that "id <username>" without the user having logged in
>> previously stops showing any supplementary groups. Also, it will show
>> "DOMAIN\Domain Users" as the primary group. Once the user has logged
>> in, "id <username>" will correctly show the primary group and
>> supplementary group list. "
>>
>> also
>>
>> "The winbind change to simplify the calculation of supplementary
>> groups to make it more reliable and predictable has been deferred to
>> 4.7 or later.
>>
>> This means that 'id <username>' without the user having logged in
>> previously works similar to 4.5."
>>
>> but in spite of I logged to share using guest user, "id <username>"
>> shows the same result.
>>
>>
> 
> If I run 'id guest' on a Unix domain member, I get:
> 
> id: guest: no such user
> 
> Have you given 'Guest' a uidNumber and/or gidNumber attribute ?

If I run "id guest" I also have "no such user". I need to pass also
domain realm:

root at root:~$ id guest
id: guest: no such user
root at root:~$ wbinfo -u|grep -i guest
DEV2+guest
root at root:~$ id DEV2+guest
uid=66037(DEV2+guest) gid=66049(DEV2+domain users)
groups=66049(DEV2+domain users),66037(DEV2+guest),66050(DEV2+domain guests)


> 
> I do not think that you should be able to log in as 'Guest', this is
> Windows version of the Unix user 'nobody' and you cannot log in as
> 'nobody'
> 

of course I meant about DEV2+guest.

In release notes we have:

"This means that 'id <username>' without the user having logged in
previously works similar to 4.5"

I'm a little confused about this. Should I apply patch from:

https://bugzilla.samba.org/show_bug.cgi?id=12612

which bug was mentioned here:

https://www.samba.org/samba/history/samba-4.6.0.html
https://wiki.samba.org/index.php/Samba_4.6_Features_added/changed

to have the same result as in 4.5? or this should also work in native
4.6 version without any changes?

More information about the samba mailing list