[Samba] winbind behavior question

d tbsky tbskyd at gmail.com
Mon Jul 23 10:22:55 UTC 2018

2018-07-23 18:01 GMT+08:00 Rowland Penny via samba <samba at lists.samba.org>:
> On Mon, 23 Jul 2018 17:19:07 +0800
> When I said 'ignored', I should have said 'ignored by Unix', if your
> users are logging into Windows, then they are not using the uidNumber &
> gidNumber attributes, they are using the objectSid & primaryGroupID
> attributes.

    sorry when I said "login" I should said "login samba file server".

> No, ALL users (Unix or Windows) rely on the primaryGroupID attribute
> and this MUST be set to '513', if you change this, you break AD.
> Before 4.6.0, Unix users relied on Domain Users having a gidNumber,
> from 4.6.0, you can override this by giving a group a gidNumber and
> using this gidNumber for the users.
> NOTE: you can use different groups for different users.
> It still works for me, it sounds like you were doing something you
> shouldn't.

     I think maybe the difference is that you still stay on default
"domain users" group as primary group.
none of our users  use the default "domain users" as primary group. I
don't know if this is something I should not do.
but they work fine before. and there seems no document warning about
we should not change the default primary group.

More information about the samba mailing list