[Samba] auto_private_groups analogue?

Rowland penny rpenny at samba.org
Fri Feb 28 08:00:35 UTC 2020

On 27/02/2020 23:28, Alexey A Nikitin via samba wrote:
> SSSD has auto_private_groups setting which effectively automatically creates a private user group when getting users from AD that either don't have gidNumber set for them or have gidNumber set to be the same as uidNumber.

It sounds like sssd is doing something similar to what idmap.ldb does on 
a Samba DC, On a DC a group can be a group and a user. There is nothing 
like this on a Unix domain member, the nearest you can get is by using 
the winbind 'ad' backend on Samba >= 4.6.0 and adding 'idmap config 
SAMDOM:unix_primary_group = yes' to the smb.conf . With this you can set 
individual primary groups for each user, but they cannot have the same 
name as the user.

Why you would want to do this, defeats me, yes I know that you are used 
to user private groups, but Windows works very well without them.


More information about the samba mailing list