[Samba] Force set group id on samba domain member

Michal Michal67M at seznam.cz
Wed Jul 25 19:30:36 UTC 2018 

2018-07-25 18:47 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:

> On Wed, 25 Jul 2018 07:09:39 +0200
> Michal <Michal67M at seznam.cz> wrote:
>
> > 2018-07-24 23:26 GMT+02:00 Rowland Penny via samba
> > <samba at lists.samba.org>:
> >
> > > On Tue, 24 Jul 2018 22:50:16 +0200
> > > Michal <Michal67M at seznam.cz> wrote:
> > >
> > > > 2018-07-24 16:53 GMT+02:00 Rowland Penny via samba
> > > > <samba at lists.samba.org>:
> > > > >
> > > > > Do the users have a gidNumber attribute containing the
> > > > > gidNumber of the required group and if so, is the gidNumber
> > > > > inside the range set in smb.conf and is the version of Samba >=
> > > > > 4.6.0
> > > >
> > > > su - amistest
> > > > Last login: Tue Jul 24 22:37:47 CEST 2018 on pts/4
> > > > $ id
> > > > uid=6603(NIS\amistest) gid=20(games)
> > > > groups=20(games),513(NIS\domain
> > > > users),2108(NIS\evis),2109(NIS\slp),2126(NIS\poj),2157(
> > > NIS\audio),2164(NIS\doprava),2181(NIS\tomocon),2186(NIS\
> > > pacs_diagnostik),10001(BUILTIN\users)
> > >
> > > Your ranges are really wrong, '100-9999' for the 'NIS' (and this is
> > > a stupid name) range, but I think it shows something strange, if I
> > > run 'id rowland' on a Unix domain member, I get:
> > >
> > > uid=10000(rowland) gid=10000(domain users) groups=10000(domain
> > > users),102(netdev),1001(unixtest),10002(unixgroup),
> > > 10010(group12),10024(unix
> > > admins),10004(testgroup),10011(printeradmin),2001(
> > > BUILTIN\users),2000(BUILTIN\administrators)
> > >
> > > My 'idmap config' lines are similar to yours, but, as you can see,
> > > the users 'gid' is 'gid=10000(domain users)', yours is
> > > 'gid=20(games)', how is this possible ? '20' is outside the
> > > '100-9999' range.
> > >
> >
> > I believe I can change primary group of all (normal, not admin) users
> > to "domain users" in AD and I can delete group 20, but I would not
> > expect this helps with the problem.
> >
> > Michal
> >
> >
> >
> > >
> > > Do you have users & groups in AD and in /etc/passwd & /etc/group ?
>
> You have never answered the above question and until you do, I cannot
> offer further help.
>
>
Well I do not understand the question.. Of course I have users and groups
both in AD and in system files... There are OS specific users and groups in
the system files  and  there are AD users and groups in AD.  AD users and
groups are not in the system files.

Michal



> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list