[Samba] winbind behavior question

d tbsky tbskyd at gmail.com
Mon Jul 23 10:47:29 UTC 2018

2018-07-23 18:38 GMT+08:00 Rowland Penny via samba <samba at lists.samba.org>:
> On Mon, 23 Jul 2018 18:22:55 +0800
> d tbsky <tbskyd at gmail.com> wrote:
>> 2018-07-23 18:01 GMT+08:00 Rowland Penny via samba
>> <samba at lists.samba.org>:
>> > On Mon, 23 Jul 2018 17:19:07 +0800
>> > When I said 'ignored', I should have said 'ignored by Unix', if your
>> > users are logging into Windows, then they are not using the
>> > uidNumber & gidNumber attributes, they are using the objectSid &
>> > primaryGroupID attributes.
>>     sorry when I said "login" I should said "login samba file server".
>> > No, ALL users (Unix or Windows) rely on the primaryGroupID attribute
>> > and this MUST be set to '513', if you change this, you break AD.
>> > Before 4.6.0, Unix users relied on Domain Users having a gidNumber,
>> > from 4.6.0, you can override this by giving a group a gidNumber and
>> > using this gidNumber for the users.
>> > NOTE: you can use different groups for different users.
>> > It still works for me, it sounds like you were doing something you
>> > shouldn't.
>>      I think maybe the difference is that you still stay on default
>> "domain users" group as primary group.
> No, I have Unix domain members that use a groups gidNumber as a users
> users primary group, I just don't alter the primaryGroupID attribute.
>> none of our users  use the default "domain users" as primary group. I
>> don't know if this is something I should not do.
>> but they work fine before. and there seems no document warning about
>> we should not change the default primary group.
> Then it looks like I need to add something to the Samba wiki about this.

   maybe. please wait a moment. I will re-setup the environment to
check it the theory is correct.

More information about the samba mailing list