[Samba] Group issues on AD DC, membership does not work on some users
Oleg Blyahher
oleg.blyahher at bluetest.se
Wed Apr 22 10:59:04 UTC 2020
Sorry for the spam, just have another question here.
> If the 'domain-joined file share server' is a Unix computer, then
> possibly 'samba-tool group add new-group' isn't sufficient, the group
> will not have a gidNumber attribute and if the 'idmap config' DOMAIN
> backend is 'ad', then the group will be ignored.
What is the full/correct way to add a group then? The domain-joined
fileserver is a Unix machine (Debian 9) with Samba 4.5.16. These are the
*idmap*-relevant parts from the smb.conf on it:
idmap config * : backend = tdb idmap config * : range = 3000-7999
idmap config DOMAIN: backend = rfc2307 idmap config DOMAIN: range =
10000-999999999 idmap config DOMAIN: ldap_server = ad idmap config
DOMAIN: unix_nss_info = yes
This guide in the wiki
(https://wiki.samba.org/index.php/User_and_Group_management) doesn't say
much more than *samba tool group add groupname*.
All the best,
Oleg
More information about the samba
mailing list