[Samba] winbind on DC : how use gidNumber instead of primaryGroupID as user's primary group

L.P.H. van Belle belle at bazuin.nl
Tue Aug 20 10:16:04 UTC 2019 

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland penny via samba
> Verzonden: dinsdag 20 augustus 2019 11:55
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] winbind on DC : how use gidNumber 
> instead of primaryGroupID as user's primary group
> 
> On 20/08/2019 10:29, L.P.H. van Belle via samba wrote:
> >
> >> -----Oorspronkelijk bericht-----
> >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> >> Prunk Dump via samba
> >> Verzonden: dinsdag 20 augustus 2019 10:20
> >> Aan: samba at lists.samba.org
> >> Onderwerp: Re: [Samba] winbind on DC : how use gidNumber
> >> instead of primaryGroupID as user's primary group
> >>
> >> Le lun. 19 août 2019 à 12:37, Rowland penny via samba
> >> <samba at lists.samba.org> a écrit :
> >>> On 19/08/2019 11:13, Prunk Dump via samba wrote:
> >>>> Last important thing. I use some script to manage my 
> users from Linux.
> >>>> As I can't use the "id" command to get the user gidNumber on DC :
> > Why not, i see this on my DC's. ( Debian Buster, samba 
> 4.10.6 with AD backends. )
> >
> > id username ( samba domain user)
> > uid=10002(NTDOM\username) gid=10000(NTDOM\domain users) 
> groups=10000(NTDOM\domain 
> users),3000030(NTDOM\Allow-rdp),3000315(NTDOM\Allow-monitoring
> ),3000009(BUILTIN\users)
> >
> The problem with that is, 'id' gets its info from the same place that 
> 'getent' does, so the OP will still get the wrong group ;-)
> 
> Rowland

Maybe i did not understand the question then. 
In: id username |awk -F"=" '{ print $2 }'|cut -d"(" -f1
$2 = GID 
$3 = primary group. 

Ok so above was with a user the does have a UID + GID assigned. 
id username-NOGID |/usr/bin/awk -F"=" '{ print $2 }'|/usr/bin/cut -d"(" -f1
3000165	( is : ,3000165(NTNDOM\username-NOGID)

Ok, so thats wrong..

id username |awk -F"gid=" '{ print $2 }'|cut -d"(" -f1
10000
Which is correct 

I've verified the last line :  id username |awk -F"gid=" '{ print $2 }'|cut -d"(" -f1 

With AD user with UID+GID
With AD user without UID+GID
With Linux user 

And they now all show there correct GID. 
Can you verify it? 

Greetz, 

Louis

More information about the samba mailing list