[Samba] Samba group duplicated
Rowland Penny
rpenny at samba.org
Tue May 29 11:54:48 UTC 2018
On Tue, 29 May 2018 13:41:09 +0200
Rafał Sanocki via samba <samba at lists.samba.org> wrote:
> Hi,
> I have Samba DC version 4.5.15. I have a problem with the Domain Users
> group
>
> on samba server:
> # getent group 100
> DC1\domain users:x:100:
> # getent group 40000
> DC1\domain users:x:100:
> # getent group "dc1.i.com\\Domain Users"
> DC1\domain users:x:100:
>
> On Windows in Active Directory Users and Computers on Administrator
> domain account:
> gidNumber = 40000 for Domain Users.
>
>
> smb.conf
> [global]
> server role check:inhibit=yes
> dsdb:schema update allowed = yes
Why do you have the two lines above ??
> netbios name = DC1
> realm = I.COM
> workgroup = DC1
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
> ldap server require strong auth = no
> unix extensions = no
> security = user
Again, why do you have the two lines above ??
> dns forwarder = 192.168.10.2
> allow dns updates = nonsecure
> log level = 1
> max log size = 450000
> log file = /var/log/samba/log.%m
> include = /etc/samba/smb.conf.debug-%I
> idmap config * : range = 40000-50000
> idmap config * : backend = tdb
Yet again, why do you have the two lines above? They do not work on a
DC.
> winbind enum users = yes
> winbind enum groups = yes
Yet, yet again, why do you have the two lines above? They only slow
things down and are not needed.
> [netlogon]
> path = /var/lib/samba/sysvol/i.mp.pl/scripts
> read only = No
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> Can I change gid to 100 in Windows?
No, because it isn't coming from Windows.
> Where does this discrepancy come from?
idmap.ldb, but it isn't a discrepancy, it is the default setting:
'Domain Users' is mapped to the Unix group 'users' in idmap.ldb.
There is a bug report for this. Until this is fixed, run 'net cache
flush' and then NEVER run 'getent group ANUMBER' again.
Rowland
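
The objections raised in the reply above, turned into a small check (an added example, not part of the original message and not Samba's own tooling): it parses [global] and reports the parameters the reply questions, but only when the server role is an AD DC. The function names and reason strings are assumptions of this example, and only the server role spelling used in the post is matched.

```python
import re

def norm(name):  # Samba ignores case and whitespace in parameter names
    return re.sub(r"\s+", "", name).lower()

# Parameters the reply objects to on a DC; reason strings paraphrase the reply.
FLAGGED = {norm(k): v for k, v in {
    "server role check:inhibit": "questioned in the reply",
    "dsdb:schema update allowed": "questioned in the reply",
    "unix extensions": "questioned in the reply",
    "security": "questioned in the reply",
    "idmap config * : range": "does not work on a DC",
    "idmap config * : backend": "does not work on a DC",
    "winbind enum users": "slows things down, not needed",
    "winbind enum groups": "slows things down, not needed",
}.items()}

def parse_global(text):
    """Return {normalized name: (line number, name as written, value)} for [global]."""
    section, params = None, {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = norm(header.group(1))
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[norm(name)] = (lineno, name.strip(), value.strip())
    return params

def lint_dc(text):
    """List (line, parameter, reason) for flagged settings, only on an AD DC."""
    params = parse_global(text)
    role = params.get(norm("server role"), (0, "", ""))[2].lower()
    if role != "active directory domain controller":  # spelling used in the post
        return []
    return sorted((*params[k][:2], why) for k, why in FLAGGED.items() if k in params)

# Trimmed copy of the smb.conf quoted in the post.
SAMPLE = """[global]
server role check:inhibit=yes
dsdb:schema update allowed = yes
server role = active directory domain controller
security = user
idmap config * : backend = tdb
winbind enum groups = yes
"""
```

Calling `lint_dc(SAMPLE)` returns one tuple per flagged line; a member-server config returns an empty list because the reply's objections are specific to a DC.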