[Samba] Primary group is 0 and contains 0 supplementary groups

Rowland penny rpenny at samba.org
Fri Oct 4 12:23:20 UTC 2019

On 04/10/2019 12:40, Robson Vitor Mendonça via samba wrote:
> I haven't learned to use the list yet, sorry! :(

What email client are you using ?

Normally, you would 'reply to list' or just 'reply'.

> See below the two smb.conf
> ### smb.conf - AD

Remove these lines from the AD DC smb.conf:

ldap server require strong auth = no
tls enabled  = no
security = user
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind offline logon = false
winbind nss info = rfc2307
encrypt passwords = Yes
template shell = /usr/sbin/nologin

> ### smb.conf - File Server

And these from the Unix domain member:

    password server = srv-samba.tco.lan
    encrypt passwords = yes
    idmap_ldb:use rfc2307 = yes
    idmap config DOMINIO : schema_mode = rfc2307
    winbind enum users = yes
    winbind enum groups = yes
    winbind expand groups = 10
    os level = 20
    map to guest = bad user
    acl map full control = true
    ea support = yes
    dos filetimes = yes
    enable privileges = yes
    restrict anonymous = 2
    strict allocate = yes
    guest ok = no
    template shell = /usr/sbin/nologin

The above lines either are defaults or have no reason to be where they are.

Unless you have a very good reason for using SMBv1, I would also remove 
'ntlm auth = yes' from both smb.conf files.

Are all your client workstations Windows PCs ?

If so, remove the 'valid users' & 'write list' lines and read this:



More information about the samba mailing list