[Samba] Winbind issues with AD member file server
Rowland penny
rpenny at samba.org
Tue Jul 9 19:08:47 UTC 2019
On 09/07/2019 20:00, Eric Shell wrote:
> Hi Rowland,
>
> Currently Domain Users doesn't have a gidNumber because it didn't have
> a corresponding group in OpenLDAP, which is our master directory.

Did you miss the bit where I said Domain Users MUST have a gidNumber ?

>
> The primary Unix group gidNumber for each user is replicated from
> their OpenLDAP records, but the AD groups have a suffix due to
> historical name collisions - a POSIX group called harry would be
> harry-group in AD, but with a matching gidNumber.

That sounds like a recipe for disaster, but then again, if it works for
you, however it sounds like it doesn't ;-)

What do you use the openldap server for ?

Could you move whatever it is to the Samba AD ?

Rowland

>
> On Tue, Jul 9, 2019 at 11:53 AM Rowland penny via samba
> <samba at lists.samba.org> wrote:
>
> On 09/07/2019 19:46, Eric Shell via samba wrote:
> > Hi Rowland,
> >
> > Thanks for the prompt reply. The gidNumber attribute is set to the
> > appropriate primary UNIX group for each user already. Are there any ways
> > to work around the ID issue, or at least to mitigate some of the
> > consequences? We looked at updating uid/gid values across the board but
> > there is so much data owned by existing users and groups that we haven't
> > been able to proceed.
>
> I sort of thought that would be the case.
>
> Does Domain Users have a gidNumber ?
>
> You say 'appropriate primary Unix group', are these groups in AD and how
> are they named ?
>
> Rowland
>
> --
> Eric Shell
> BSOE Technical Staff
> eshell at ucsc.edu
> 831 459 4919
> Baskin Engineering, Room 313