[Samba] Different primary group between 4.5.x and 4.6.x

aluno3 at poczta.onet.pl aluno3 at poczta.onet.pl
Mon May 29 09:33:21 UTC 2017 

On 29.05.2017 10:42, Rowland Penny via samba wrote:
> On Mon, 29 May 2017 08:40:07 +0200
> aluno3--- via samba <samba at lists.samba.org> wrote:
> 
> 
>>> Have you given 'Guest' a uidNumber and/or gidNumber attribute ?
>>
>> If I run "id guest" I also have "no such user". I need to pass also
>> domain realm:
>>
>> root at root:~$ id guest
>> id: guest: no such user
>> root at root:~$ wbinfo -u|grep -i guest
>> DEV2+guest
>> root at root:~$ id DEV2+guest
>> uid=66037(DEV2+guest) gid=66049(DEV2+domain users)
>> groups=66049(DEV2+domain users),66037(DEV2+guest),66050(DEV2+domain
>> guests)
> 
> OK, so you do not have 'winbind use default domain = yes' in smb.conf,
> but you do have 'winbind separator = +'

Yes, exactly I have 'winbind separator = +'

> 
> I do have the first, so your 'id DEV+guest' is the same as my 'id guest'
> When I run it on a Unix domain member, i get:
> 
> id: guest: no such user
> 
> Bit different on a DC:
> 
> uid=3000002(SAMDOM\guest) gid=10000(SAMDOM\domain users) groups=10000(SAMDOM\domain users),3000002(SAMDOM\guest),3000003(SAMDOM\domain guests),3000006(BUILTIN\guests),3000001(BUILTIN\users)
> 
> As you seem to be getting '66037' for your ID, it seems that you must
> have give 'Guest' a uidNumber or are using the winbind 'rid' backend.
> Either way, you should not be able to login as 'Guest', or 'nobody',
> these are users that should be used in the background.
> 

My configuration for idmap backend is:

idmap config dev2 : range = 65536-19999999
idmap config dev2 : backend = rid
idmap config * : range = 20000000-39999999
idmap config * : backend = autorid

>> In release notes we have:
>>
>> "This means that 'id <username>' without the user having logged in
>> previously works similar to 4.5"
>>
>> I'm a little confused about this. Should I apply patch from:
>>
>> https://bugzilla.samba.org/show_bug.cgi?id=12612
> 
> No, it was for something that was added and then removed before a
> stable release
> 
> Rowland

Does it mean that functionality is not fully reverted?

>  
> 
>

More information about the samba mailing list