[Samba] Different primary group between 4.5.x and 4.6.x

aluno3 at poczta.onet.pl aluno3 at poczta.onet.pl
Tue May 30 14:02:37 UTC 2017


Additionally if I authenticate to user using wbinfo -a it seems to works
correctly:

root at root:~$ id DEV2+guest uid=2000501(DEV2+guest)
gid=2000513(DEV2+domain users) groups=2000513(DEV2+domain
users),2000501(DEV2+guest),2000514(DEV2+domain guests)

root at root:~$ wbinfo -a DEV2+guest
Enter DEV2+guest's password:
plaintext password authentication succeeded
Enter DEV2+guest's password:
challenge/response password authentication succeeded

root at root:~$ id DEV2+guest
uid=2000501(DEV2+guest) gid=2000514(DEV2+domain guests)
groups=2000514(DEV2+domain guests),2000501(DEV2+guest)

so seems that if samlogon cache is filled then primary group is returned
correctly.

But I suppose that if I use share using NFS (without Samba
authentication) and have some ACL to files or directories I will
probably have issues with access denied.


On 30.05.2017 11:54, aluno3 at poczta.onet.pl wrote:
> I changed default/primary group for other user than guest and issue also
> occurred so if domain user has default group other than "domain users",
> 'id <username>' always shows "domain users" as primary group.
> 
> On 29.05.2017 12:30, aluno3 at poczta.onet.pl wrote:
>> On 29.05.2017 12:03, Rowland Penny via samba wrote:
>>> On Mon, 29 May 2017 11:33:21 +0200
>>> aluno3--- via samba <samba at lists.samba.org> wrote:
>>>
>>>> My configuration for idmap backend is:
>>>>
>>>> idmap config dev2 : range = 65536-19999999
>>>> idmap config dev2 : backend = rid
>>>> idmap config * : range = 20000000-39999999
>>>> idmap config * : backend = autorid
>>>
>>> It is recommended to use the tdb backend for the '*'  domain
>>
>> I will try to use tdb backend but in relative to issue with primary
>> group it will not help.
>>
>>>
>>>>
>>>> Does it mean that functionality is not fully reverted?
>>>>
>>>
>>> No, it means that a patch was added and then removed, as far as the code
>>> is concerned, it is just as if the patch had never existed.
>>>
>>> Rowland
>>>
>>
>> I suppose that not all commits from 2017-01-04 from Volker was reverted
>> on 2017-03-06. Am I wrong ?
>>
>> Additionally in commit:
>>
>> https://git.samba.org/?p=samba.git;a=commitdiff;h=93e804a8b0e63f90c166f063fa16a1238cd8f8f3
>>
>>
>> we have updated release notes regarding to 'id <username>' but on:
>>
>> https://wiki.samba.org/index.php/Samba_4.6_Features_added/changed#winbind_changes
>>
>> this information is not updated so it can bring the confusion.
>>
>>
> 




More information about the samba mailing list