[Samba] Domain member server: user access

Rowland Penny rpenny at samba.org
Tue Sep 26 13:15:00 UTC 2017

On Tue, 26 Sep 2017 14:54:58 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:

> Mandi! Rowland Penny via samba
>   In chel di` si favelave...
> > This means that the Windows group is mapped to the Unix group
> > 'users' on a DC, up until you give Domain Users a gidNumber, then
> > the ID will change to the one you placed in the gidNumber attribute
> > in Domain Users.
> I can confirm that.
> Using ADUC i've noted that 'Domain Users' have no GID assigned, so
> seems that some samba ''internal'' logic assign GID 100 'by default'.

Yes, but only on a DC.

> After assigning GID 10513:
>  root at vdcsv1:~# net cache flush
>  root at vdcsv1:~# getent group "Domain Users"
>  LNFFVG\domain users:x:10513:
>  root at vdcsv1:~# wbinfo -G 10513
>  S-1-5-21-160080369-3601385002-3131615632-513

As expected, but if you use the winbind 'ad' backend, you will get this


More information about the samba mailing list