[Samba] winbind behavior question
Rowland Penny
rpenny at samba.org
Mon Jul 23 10:38:05 UTC 2018
On Mon, 23 Jul 2018 18:22:55 +0800
d tbsky <tbskyd at gmail.com> wrote:
> 2018-07-23 18:01 GMT+08:00 Rowland Penny via samba
> <samba at lists.samba.org>:
> > On Mon, 23 Jul 2018 17:19:07 +0800
> > When I said 'ignored', I should have said 'ignored by Unix', if your
> > users are logging into Windows, then they are not using the
> > uidNumber & gidNumber attributes, they are using the objectSid &
> > primaryGroupID attributes.
>
> Sorry, when I said "login" I should have said "login samba file server".
>
> > No, ALL users (Unix or Windows) rely on the primaryGroupID attribute
> > and this MUST be set to '513', if you change this, you break AD.
> > Before 4.6.0, Unix users relied on Domain Users having a gidNumber,
> > from 4.6.0, you can override this by giving a group a gidNumber and
> > using this gidNumber for the users.
> > NOTE: you can use different groups for different users.
> > It still works for me, it sounds like you were doing something you
> > shouldn't.
>
> I think maybe the difference is that you still stay on default
> "domain users" group as primary group.
No, I have Unix domain members that use a group's gidNumber as a
user's primary group, I just don't alter the primaryGroupID attribute.
> None of our users use the default "domain users" as primary group. I
> don't know if this is something I should not do,
> but they worked fine before, and there seems to be no document warning
> that we should not change the default primary group.
Then it looks like I need to add something to the Samba wiki about this.
Rowland