[Samba] using Windows AD unwanted Group rights get applied to new Files
Rowland Penny
rpenny at samba.org
Wed Aug 8 07:17:26 UTC 2018
On Tue, 07 Aug 2018 22:43:23 +0100
Miguel Medalha via samba <samba at lists.samba.org> wrote:
> > By default, every AD user is a member of 'Domain Users' and so,
> > when you use the 'rid' backend every Unix user gets the group as
> > their primary group.
>
> > The only way to change this is by using a version of Samba >= 4.6.0
> > and use the 'ad' backendĀ (...)
>
> You can also use RSAT and define some other group as the user's
> primary group, and still use 'rid' backend. If I remember well, the
> setting resides in the "Member of" tab of Active Directory Users and
> Computers (ADUC).
Wrong, that just adds another attribute ('msSFU30PosixMember' I
think) and this is ignored.
Yes, there is another way, add user to a group, change users
primaryGroupID attribute to contain the RID of the new group and your
users group on Unix will be the new group. Unfortunately there is a big
problem with doing this, it breaks Windows, as it relies on all users
being a member of Domain Users and that group not actually having any
members ;-)
Rowland
More information about the samba
mailing list