[Samba] winbind on DC : how use gidNumber instead of primaryGroupID as user's primary group
L.P.H. van Belle
belle at bazuin.nl
Mon Aug 19 09:00:52 UTC 2019
Hai,
Fist of all, i must say it not very wise to have you NFS server on the AD-DC.
I do about the same but my NFS server is on a member.
Have you configured /etc/nsswitch.conf ?
If not do that.
If you run : id username
I see : uid=10002(NTDOM\username) gid=10000(NTDOM\domain users) groups=10000(NTDOM\domain users)
So my GID and Primary group id are the same.
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Prunk Dump via samba
> Verzonden: maandag 19 augustus 2019 10:46
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] winbind on DC : how use gidNumber instead
> of primaryGroupID as user's primary group
>
> Hi Samba Team !
>
> My Samba AD DC server run an NFSv4 server so I need correct RFC2307 id
> mapping between the server and the clients.
>
> On the client side it's very easy with the new smb.conf options :
>
> idmap config SAMDOM:unix_nss_info = yes
> idmap config SAMDOM:unix_primary_group = yes
>
> But on the server side winbind use the gidNumber of the group
> corresponding to the user's primaryGroupID. Not the gidNumber
> directly.
>
> So all my users have their primary group set to "Domain Users" as I
> have set the "Domain Users" gidNumber as say in the documentation.
>
> How can I change this behavior ? On my NFSv4 shares all the files are
> owned by the "Domain Users" group instead of the correct user primary
> group.
I dont see any thing in correct here, its just how you use it.
On my NFS the files are also owned by "domain users", exactly as i want.
If its about rights on files/folders, use the other groups to allow access or deny access
Use "domain users" to allow users to change files.
Does this help you a bit?
>
> Thanks for help !
>
> Baptiste.
>
Greetz,
Louis
More information about the samba
mailing list