[Samba] Confusing primary group warning

Jonathon Reinhart jonathon.reinhart at gmail.com
Thu Apr 18 03:55:40 UTC 2019

I'm reading this page on the Samba Wiki:

I'm reading the information at the end about gidNumber and
primaryGroupID, and everything is making sense. (In fact, I recently
implemented code to set a user's gidNumber to the gidNumber of their
primary group. I see now that this is the default behavior of Samba
(winbind?) and that this was probably unnecessary.)

 And then I encounter this warning:

> Whichever setting you use, do not change the users primaryGroupID attribute, Windows relies on all users being a member of Domain Users. If you require your Unix users to have a primary group other than Domain Users, you should use Samba version 4.6.0 or later.

This was added in July 2018:

I found this very surprising and somewhat inconsistent with the rest
of the text.

> Windows relies on all users being a member of Domain Users

Okay that's fine. But this is a discussion of "Primary Group", not
general group membership. AFAIK Windows doesn't care about the Primary
group. In fact, the "Member Of" tab in ADUC says:

> There is no need to change Primary group unless you have Macintosh clients or POSIX-compliant applications.

What is the purpose of this warning? If the whole point was that
"Windows relies on all users being a member of Domain Users", then I
don't understand why the Wiki is instructing users to not change the
Primary group.


More information about the samba mailing list