[Samba] winbind behavior question

Rowland Penny rpenny at samba.org
Mon Jul 23 10:38:05 UTC 2018

On Mon, 23 Jul 2018 18:22:55 +0800
d tbsky <tbskyd at gmail.com> wrote:

> 2018-07-23 18:01 GMT+08:00 Rowland Penny via samba
> <samba at lists.samba.org>:
> > On Mon, 23 Jul 2018 17:19:07 +0800
> > When I said 'ignored', I should have said 'ignored by Unix', if your
> > users are logging into Windows, then they are not using the
> > uidNumber & gidNumber attributes, they are using the objectSid &
> > primaryGroupID attributes.
>     sorry when I said "login" I should said "login samba file server".
> > No, ALL users (Unix or Windows) rely on the primaryGroupID attribute
> > and this MUST be set to '513', if you change this, you break AD.
> > Before 4.6.0, Unix users relied on Domain Users having a gidNumber,
> > from 4.6.0, you can override this by giving a group a gidNumber and
> > using this gidNumber for the users.
> > NOTE: you can use different groups for different users.
> > It still works for me, it sounds like you were doing something you
> > shouldn't.
>      I think maybe the difference is that you still stay on default
> "domain users" group as primary group.

No, I have Unix domain members that use a groups gidNumber as a users
users primary group, I just don't alter the primaryGroupID attribute.
> none of our users  use the default "domain users" as primary group. I
> don't know if this is something I should not do.
> but they work fine before. and there seems no document warning about
> we should not change the default primary group.

Then it looks like I need to add something to the Samba wiki about this.


More information about the samba mailing list