[Samba] Winbind issues with AD member file server

Eric Shell eshell at ucsc.edu
Tue Jul 9 19:00:57 UTC 2019


Hi Rowland,

Currently Domain Users doesn't have a gidNumber because it didn't have a
corresponding group in OpenLDAP, which is our master directory.

The primary Unix group gidNumber for each user is replicated from their
OpenLDAP records, but the AD groups have a suffix due to historical name
collisions - a POSIX group called harry would be harry-group in AD, but
with a matching gidNumber.

On Tue, Jul 9, 2019 at 11:53 AM Rowland penny via samba <
samba at lists.samba.org> wrote:

> On 09/07/2019 19:46, Eric Shell via samba wrote:
> > Hi Rowland,
> >
> > Thanks for the prompt reply.  The gidNumber attribute is set to the
> > appropriate primary UNIX group for each user already.  Are there any ways
> > to work around the ID issue, or at least to mitigate some of the
> > consequences?  We looked at updating uid/gid values across the board but
> > there is so much data owned by existing users and groups that we haven't
> > been able to proceed.
>
> I sort of thought that would be the case.
>
> Does Domain Users have a gidNumber ?
>
> You say 'appropriate primary Unix group', are these groups in AD and how
> are they named ?
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


-- 
Eric Shell
BSOE Technical Staff
eshell at ucsc.edu
831 459 4919
Baskin Engineering, Room 313


More information about the samba mailing list