[Samba] Domain member server: user access

Stefan G. Weichinger lists at xunil.at
Mon Oct 9 18:36:15 UTC 2017

Am 2017-10-09 um 20:29 schrieb Rowland Penny:

> Unless you have done something strange like giving a group the 
> gidNumber '3000013', this is an xidNumber and isn't used anywhere 
> except on a DC. It is also probably one of the Well Known SIDs, so
> you shouldn't remove and recreate one of these. Which leads us to
> the obvious question, what was the group name ?

Actually, it's still there on the DC:

# wbinfo --group-info="domain admins"
ARBEITSGRUPPE\domain admins:x:3000013:

# net cache flush
# wbinfo --group-info="domain admins"
ARBEITSGRUPPE\domain admins:x:10512:

The new and needed group for the particular ACL:

# wbinfo --group-info="gfass"

I chose 10850 just to make sure I am away from other IDs.
Is there a simple way to read the (highest) used group-id?

btw: ACLs work now for the specific folders/ groups, that is not the 

>> Your reported bug still sits there unnoticed, right?
> Not unnoticed, just not yet resolved ;-)

Ah, I see ;-) good.

More information about the samba mailing list