[Samba] Confusing primary group warning
Jonathon Reinhart
jonathon.reinhart at gmail.com
Thu Apr 18 03:55:40 UTC 2019
I'm reading this page on the Samba Wiki:
https://wiki.samba.org/index.php/Idmap_config_ad
I'm reading the information at the end about gidNumber and
primaryGroupID, and everything is making sense. (In fact, I recently
implemented code to set a user's gidNumber to the gidNumber of their
primary group. I see now that this is the default behavior of Samba
(winbind?) and that this was probably unnecessary.)
And then I encounter this warning:
> Whichever setting you use, do not change the users primaryGroupID attribute, Windows relies on all users being a member of Domain Users. If you require your Unix users to have a primary group other than Domain Users, you should use Samba version 4.6.0 or later.
This was added in July 2018:
https://wiki.samba.org/index.php?title=Idmap_config_ad&diff=14522&oldid=14505
I found this very surprising and somewhat inconsistent with the rest
of the text.
> Windows relies on all users being a member of Domain Users
Okay that's fine. But this is a discussion of "Primary Group", not
general group membership. AFAIK Windows doesn't care about the Primary
group. In fact, the "Member Of" tab in ADUC says:
> There is no need to change Primary group unless you have Macintosh clients or POSIX-compliant applications.
What is the purpose of this warning? If the whole point was that
"Windows relies on all users being a member of Domain Users", then I
don't understand why the Wiki is instructing users to not change the
Primary group.
Thanks,
Jonathon
More information about the samba
mailing list