[Samba] winbind on DC : how use gidNumber instead of primaryGroupID as user's primary group
L.P.H. van Belle
belle at bazuin.nl
Tue Aug 20 10:16:04 UTC 2019
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Rowland penny via samba
> Verzonden: dinsdag 20 augustus 2019 11:55
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] winbind on DC : how use gidNumber
> instead of primaryGroupID as user's primary group
>
> On 20/08/2019 10:29, L.P.H. van Belle via samba wrote:
> >
> >> -----Oorspronkelijk bericht-----
> >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> >> Prunk Dump via samba
> >> Verzonden: dinsdag 20 augustus 2019 10:20
> >> Aan: samba at lists.samba.org
> >> Onderwerp: Re: [Samba] winbind on DC : how use gidNumber
> >> instead of primaryGroupID as user's primary group
> >>
> >> Le lun. 19 août 2019 à 12:37, Rowland penny via samba
> >> <samba at lists.samba.org> a écrit :
> >>> On 19/08/2019 11:13, Prunk Dump via samba wrote:
> >>>> Last important thing. I use some script to manage my
> users from Linux.
> >>>> As I can't use the "id" command to get the user gidNumber on DC :
> > Why not, i see this on my DC's. ( Debian Buster, samba
> 4.10.6 with AD backends. )
> >
> > id username ( samba domain user)
> > uid=10002(NTDOM\username) gid=10000(NTDOM\domain users)
> groups=10000(NTDOM\domain
> users),3000030(NTDOM\Allow-rdp),3000315(NTDOM\Allow-monitoring
> ),3000009(BUILTIN\users)
> >
> The problem with that is, 'id' gets its info from the same place that
> 'getent' does, so the OP will still get the wrong group ;-)
>
> Rowland
Maybe i did not understand the question then.
In: id username |awk -F"=" '{ print $2 }'|cut -d"(" -f1
$2 = GID
$3 = primary group.
Ok so above was with a user the does have a UID + GID assigned.
id username-NOGID |/usr/bin/awk -F"=" '{ print $2 }'|/usr/bin/cut -d"(" -f1
3000165 ( is : ,3000165(NTNDOM\username-NOGID)
Ok, so thats wrong..
id username |awk -F"gid=" '{ print $2 }'|cut -d"(" -f1
10000
Which is correct
I've verified the last line : id username |awk -F"gid=" '{ print $2 }'|cut -d"(" -f1
With AD user with UID+GID
With AD user without UID+GID
With Linux user
And they now all show there correct GID.
Can you verify it?
Greetz,
Louis
More information about the samba
mailing list