[Samba] winbind on DC : how use gidNumber instead of primaryGroupID as user's primary group
Rowland Penny
rpenny at samba.org
Mon Aug 19 09:07:19 UTC 2019
On 19/08/2019 09:45, Prunk Dump via samba wrote:
> Hi Samba Team !
>
> My Samba AD DC server runs an NFSv4 server so I need correct RFC2307 id
> mapping between the server and the clients.
>
> On the client side it's very easy with the new smb.conf options :
>
> idmap config SAMDOM:unix_nss_info = yes
> idmap config SAMDOM:unix_primary_group = yes
>
> But on the server side winbind uses the gidNumber of the group
> corresponding to the user's primaryGroupID. Not the gidNumber
> directly.
>
> So all my users have their primary group set to "Domain Users" as I
> have set the "Domain Users" gidNumber as said in the documentation.
>
> How can I change this behavior ? On my NFSv4 shares all the files are
> owned by the "Domain Users" group instead of the correct user primary
> group.
>
> Thanks for help !
>
> Baptiste.
>
This is one of the reasons why you shouldn't use a DC as a fileserver,
you cannot do what you require safely.
The only way to do what you require is to replace your users'
primaryGroupID contents with the required group's gidNumber, but this
will break Windows because Windows expects all users to be a member of
Domain Users.
I think the best idea is to work around this problem or use a Unix
domain member as a fileserver ;-)
Rowland
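
An added example, not part of either message above: a small audit that models the two lookups discussed in the thread (the DC taking the gidNumber of the group named by primaryGroupID, a domain member with unix_primary_group = yes taking the user's own gidNumber) and lists accounts where file group ownership would differ between the two. The directory records, group names, ID values and function names are constructed for illustration.

```python
# Constructed sample directory data (not from the original thread).
# Groups are keyed by RID, the last component of the group's objectSid;
# a user's primaryGroupID attribute holds such a RID (513 = Domain Users).
GROUPS = {
    513: {"name": "Domain Users", "gidNumber": 10000},
    1105: {"name": "teachers", "gidNumber": 10010},
    1106: {"name": "students", "gidNumber": 10011},
    1107: {"name": "staff", "gidNumber": None},  # no RFC2307 gidNumber set
}
USERS = [
    {"sAMAccountName": "alice", "primaryGroupID": 513, "gidNumber": 10010},
    {"sAMAccountName": "bob", "primaryGroupID": 513, "gidNumber": 10000},
    {"sAMAccountName": "carol", "primaryGroupID": 513, "gidNumber": None},
    {"sAMAccountName": "dave", "primaryGroupID": 513, "gidNumber": 10099},
]

def gid_on_dc(user, groups):
    """DC lookup as described in the thread: the gidNumber of the group
    whose RID equals the user's primaryGroupID."""
    group = groups.get(user["primaryGroupID"])
    return group["gidNumber"] if group else None

def gid_on_member(user):
    """Domain member with unix_primary_group = yes: the user's own gidNumber."""
    return user["gidNumber"]

def audit(users, groups):
    """Return (account, dc_gid, member_gid, issue) for every account whose
    primary group would not resolve identically on the DC and on a member."""
    known_gids = {g["gidNumber"] for g in groups.values()
                  if g["gidNumber"] is not None}
    findings = []
    for u in users:
        dc, member = gid_on_dc(u, groups), gid_on_member(u)
        if member is None:
            issue = "no gidNumber on user"
        elif member not in known_gids:
            issue = "gidNumber matches no group"
        elif dc != member:
            issue = "DC and member disagree"
        else:
            continue  # both sides resolve the same primary group
        findings.append((u["sAMAccountName"], dc, member, issue))
    return findings

if __name__ == "__main__":
    for name, dc, member, issue in audit(USERS, GROUPS):
        print(f"{name}: DC gid={dc} member gid={member} -> {issue}")
```
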