[Samba] getent group does not list domain groups - question regarding default gidNumbers on PDC
Rowland penny
rpenny at samba.org
Wed Jun 5 11:39:11 UTC 2019
On 05/06/2019 11:16, Łukasz Michalski via samba wrote:
>>>
>>> Dunno, I just run:
>>>
>>> samba-tool domain provision --use-rfc2307 --interactive
>>>
>>> I did not touch ldap databases by hand afterwards.
>>>
>>> Regards,
>>> Łukasz
>>>
>>>
>>>
>> Someone did, because the xidNumber for Domain Users is set to '100'
>> by default.
>>
>> If you didn't change it, then change the root and Administrator
>> passwords now, someone has access.
>>
>
> I am sure that nobody did this - this is brand new setup, no one has
> access to it yet besides me.
> 985 is 'users' gid on samba AD host:
>
> [root at site-ad ~]# cat /etc/group |grep users
> users:x:985:
>
> Regards,
> Łukasz
>
>
Take it all back, you are correct, users is '985' on Archlinux, so that
is why it is set to '985' .
My excuse, I have never used Archlinux ;-)
but this raises the question, why does Archlinux use '985', when most of
the main distros use '100' ?
Rowland
More information about the samba
mailing list