[Samba] Fwd: Force set group id on samba domain member

[Rowland Penny]

On Thu, 26 Jul 2018 10:49:17 +0200
Michal <Michal67M at seznam.cz> wrote:

> 2018-07-26 9:16 GMT+02:00 Rowland Penny via samba
> <samba at lists.samba.org>:
> 
> > On Wed, 25 Jul 2018 23:25:05 +0200
> > Michal <Michal67M at seznam.cz> wrote:
> >
> > > I do not know If I get what you mean..
> > >
> > > # su - amistest
> > > Last login: Tue Jul 24 22:48:18 CEST 2018 on pts/4
> > > -bash-4.2$ id
> > > uid=6603(NIS\amistest) gid=20(games)
> > > groups=20(games),513(NIS\domain
> > > users),2108(NIS\evis),2109(NIS\slp),2126(NIS\poj),2157(
> > NIS\audio),2164(NIS\doprava),2181(NIS\tomocon),2186(NIS\
> > pacs_diagnostik),10001(BUILTIN\users)
> > >
> > > It is "gid=20(games)", not  "gid=20(NIS\games)". gid 20 games
> > > comes from OS local /etc/group. It seems to me to be exactly what
> > > I would expected. Winbind did not do domain name translation of
> > > group 20, because it is not within domain range, thats ok, isn't
> > > it?
> > >
> >
> > What I am trying to get at is, the users primary group should come
> > from AD, yours appears to be coming from /etc/group, this is what I
> > do not understand.
> >
> >
> I think it works this way:
> Primary group of users on hp-ux is "users", with gidnumber 20.  Users
> in LDAP NT4 domain were/are being created with hp-ux unix attributes.
> This number 20 is users' primary group id in our LDAP with
> "users-nis" group name (yes, I know, it's a stupid name). This was
> inserted into AD via classicupgrade. Common users in AD have UNIX
> primary group attribute id=20,

Are you saying that your AD users primaryGroupID attribute has been
changed to '20' from '513'

> what is displayed as "users-nis" in eg
> RSAT GUI in domain users. The gid number 20 is gotten from AD on
> Linux DM, but because 20 is out of range for domain, nslookup (or
> whatever it is) displays group name from local /etc/group, which is
> "games".

It sounds like it has been.

Rowland