[Samba] Fwd: Force set group id on samba domain member

Michal Michal67M at seznam.cz
Thu Jul 26 08:49:17 UTC 2018

2018-07-26 9:16 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:

> On Wed, 25 Jul 2018 23:25:05 +0200
> Michal <Michal67M at seznam.cz> wrote:
> > I do not know If I get what you mean..
> >
> > # su - amistest
> > Last login: Tue Jul 24 22:48:18 CEST 2018 on pts/4
> > -bash-4.2$ id
> > uid=6603(NIS\amistest) gid=20(games) groups=20(games),513(NIS\domain
> > users),2108(NIS\evis),2109(NIS\slp),2126(NIS\poj),2157(
> NIS\audio),2164(NIS\doprava),2181(NIS\tomocon),2186(NIS\
> pacs_diagnostik),10001(BUILTIN\users)
> >
> > It is "gid=20(games)", not  "gid=20(NIS\games)". gid 20 games comes
> > from OS local /etc/group. It seems to me to be exactly what I would
> > expected. Winbind did not do domain name translation of group 20,
> > because it is not within domain range, thats ok, isn't it?
> >
> What I am trying to get at is, the users primary group should come from
> AD, yours appears to be coming from /etc/group, this is what I do not
> understand.
I think it works this way:
Primary group of users on hp-ux is "users", with gidnumber 20.  Users in
LDAP NT4 domain were/are being created with hp-ux unix attributes. This
number 20 is users' primary group id in our LDAP with "users-nis" group
name (yes, I know, it's a stupid name). This was inserted into AD via
classicupgrade. Common users in AD have UNIX primary group attribute id=20,
what is displayed as "users-nis" in eg RSAT GUI in domain users.
The gid number 20 is gotten from AD on Linux DM, but because 20 is out of
range for domain, nslookup (or whatever it is) displays group name from
local /etc/group, which is "games".


> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list