[Samba] Upgraded a member server to 4.8, rfc2307 data?

Rowland Penny rpenny at samba.org
Thu Sep 6 12:29:12 UTC 2018

On Thu, 6 Sep 2018 14:20:42 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:

> Mandi! L.P.H. van Belle via samba
>   In chel di` si favelave...
> > And in addition to Rowland comment, i'll show how i use it. 
> Thanks. I add a note myself.
> Only 'non-primary groups' get listed in memberOf/member data in LDAP,
> so if you need to get 'group membership' for other tools/app/... you
> 'lost' (apart doing some complex queries...) the default group.
> I've found web interfaces that are able to do also 'nested group
> expansions', but (by default) does not lookup primaryGroupID/gidNumber
> (because, indeed, is a totally different query).
> So, probably the best thing to do is to keep 'Domain Users' as default
> group and stop.

I have never understood why people want different primary groups for
Unix users in AD. You can get something similar by denying access to a
share from the 'Domain Users' group and allowing access from another


More information about the samba mailing list