[Samba] Fwd: Force set group id on samba domain member
Michal
Michal67M at seznam.cz
Thu Jul 26 11:21:50 UTC 2018
2018-07-26 12:52 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:
> On Thu, 26 Jul 2018 10:49:17 +0200
> Michal <Michal67M at seznam.cz> wrote:
>
> > 2018-07-26 9:16 GMT+02:00 Rowland Penny via samba
> > <samba at lists.samba.org>:
> >
> > > On Wed, 25 Jul 2018 23:25:05 +0200
> > > Michal <Michal67M at seznam.cz> wrote:
> > >
> > > > I do not know If I get what you mean..
> > > >
> > > > # su - amistest
> > > > Last login: Tue Jul 24 22:48:18 CEST 2018 on pts/4
> > > > -bash-4.2$ id
> > > > uid=6603(NIS\amistest) gid=20(games)
> > > > groups=20(games),513(NIS\domain
> > > > users),2108(NIS\evis),2109(NIS\slp),2126(NIS\poj),2157(
> > > NIS\audio),2164(NIS\doprava),2181(NIS\tomocon),2186(NIS\
> > > pacs_diagnostik),10001(BUILTIN\users)
> > > >
> > > > It is "gid=20(games)", not "gid=20(NIS\games)". gid 20 games
> > > > comes from OS local /etc/group. It seems to me to be exactly what
> > > > I would expected. Winbind did not do domain name translation of
> > > > group 20, because it is not within domain range, thats ok, isn't
> > > > it?
> > > >
> > >
> > > What I am trying to get at is, the users primary group should come
> > > from AD, yours appears to be coming from /etc/group, this is what I
> > > do not understand.
> > >
> > >
> > I think it works this way:
> > Primary group of users on hp-ux is "users", with gidnumber 20. Users
> > in LDAP NT4 domain were/are being created with hp-ux unix attributes.
> > This number 20 is users' primary group id in our LDAP with
> > "users-nis" group name (yes, I know, it's a stupid name). This was
> > inserted into AD via classicupgrade. Common users in AD have UNIX
> > primary group attribute id=20,
>
> Are you saying that your AD users primaryGroupID attribute has been
> changed to '20' from '513'
>
Hmm.. I do not think so.
ad1# pdbedit -L -v amistest
Unix username: amistest
NT username:
Account Flags: [U ]
User SID: S-.....-14206
Primary Group SID: S....-513
Full Name: amistest
Home Directory:
HomeDir Drive: (null)
Logon Script:
Profile Path:
Domain:
Account desc: Amistest Amistest
Workstations:
Munged dial:
Logon time: Wed, 25 Jul 2018 07:27:31 CEST
Logoff time: 0
Kickoff time: Thu, 14 Sep 30828 04:48:05 CEST
Password last set: Tue, 03 Jul 2018 14:44:32 CEST
Password can change: Tue, 03 Jul 2018 14:44:32 CEST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
So DOMAIN primary group of the user is -513, Domain Users. Domain users
UNIX gid is 513.
But UNIX attribute "Primary group name/id" of the user amistest is
"users-nis", which is 20.
Michal
>
> > what is displayed as "users-nis" in eg
> > RSAT GUI in domain users. The gid number 20 is gotten from AD on
> > Linux DM, but because 20 is out of range for domain, nslookup (or
> > whatever it is) displays group name from local /etc/group, which is
> > "games".
>
> It sounds like it has been.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list