[Samba] Different primary group between 4.5.x and 4.6.x

Rowland Penny rpenny at samba.org
Mon May 29 08:42:51 UTC 2017


On Mon, 29 May 2017 08:40:07 +0200
aluno3--- via samba <samba at lists.samba.org> wrote:


> > Have you given 'Guest' a uidNumber and/or gidNumber attribute ?
> 
> If I run "id guest" I also have "no such user". I need to pass also
> domain realm:
> 
> root at root:~$ id guest
> id: guest: no such user
> root at root:~$ wbinfo -u|grep -i guest
> DEV2+guest
> root at root:~$ id DEV2+guest
> uid=66037(DEV2+guest) gid=66049(DEV2+domain users)
> groups=66049(DEV2+domain users),66037(DEV2+guest),66050(DEV2+domain
> guests)

OK, so you do not have 'winbind use default domain = yes' in smb.conf,
but you do have 'winbind separator = +'

I do have the first, so your 'id DEV+guest' is the same as my 'id guest'
When I run it on a Unix domain member, i get:

id: guest: no such user

Bit different on a DC:

uid=3000002(SAMDOM\guest) gid=10000(SAMDOM\domain users) groups=10000(SAMDOM\domain users),3000002(SAMDOM\guest),3000003(SAMDOM\domain guests),3000006(BUILTIN\guests),3000001(BUILTIN\users)

As you seem to be getting '66037' for your ID, it seems that you must
have give 'Guest' a uidNumber or are using the winbind 'rid' backend.
Either way, you should not be able to login as 'Guest', or 'nobody',
these are users that should be used in the background.

> In release notes we have:
> 
> "This means that 'id <username>' without the user having logged in
> previously works similar to 4.5"
> 
> I'm a little confused about this. Should I apply patch from:
> 
> https://bugzilla.samba.org/show_bug.cgi?id=12612

No, it was for something that was added and then removed before a
stable release

Rowland
 




More information about the samba mailing list