[Samba] Force set group id on samba domain member

Rowland Penny rpenny at samba.org
Tue Jul 24 21:26:42 UTC 2018


On Tue, 24 Jul 2018 22:50:16 +0200
Michal <Michal67M at seznam.cz> wrote:

> 2018-07-24 16:53 GMT+02:00 Rowland Penny via samba
> <samba at lists.samba.org>:
> >
> > Do the users have a gidNumber attribute containing the gidNumber of
> > the required group and if so, is the gidNumber inside the range set
> > in smb.conf and is the version of Samba >= 4.6.0
> 
> su - amistest
> Last login: Tue Jul 24 22:37:47 CEST 2018 on pts/4
> $ id
> uid=6603(NIS\amistest) gid=20(games) groups=20(games),513(NIS\domain
> users),2108(NIS\evis),2109(NIS\slp),2126(NIS\poj),2157(NIS\audio),2164(NIS\doprava),2181(NIS\tomocon),2186(NIS\pacs_diagnostik),10001(BUILTIN\users)

Your ranges are really wrong, '100-9999' for the 'NIS' (and this is a
stupid name) range, but I think it shows something strange, if I run
'id rowland' on a Unix domain member, I get:

uid=10000(rowland) gid=10000(domain users) groups=10000(domain
users),102(netdev),1001(unixtest),10002(unixgroup),10010(group12),10024(unix
admins),10004(testgroup),10011(printeradmin),2001(BUILTIN\users),2000(BUILTIN\administrators)

My 'idmap config' lines are similar to yours, but, as you can see, the
users 'gid' is 'gid=10000(domain users)', yours is 'gid=20(games)', how
is this possible ? '20' is outside the '100-9999' range.

Do you have users & groups in AD and in /etc/passwd & /etc/group ?
 
What is the OS
What is the Active directory DC ?

Rowland



More information about the samba mailing list