[Samba] Group, idmap, unix_primary_group ...

Marco Gaiarin gaio at sv.lnf.it
Fri Jan 24 12:39:06 UTC 2020


Mandi! Rowland penny via samba
  In chel di` si favelave...

> Hmm, The minimum requirements for the winbind 'ad' backend are:
>    all users that you require visible to Unix must have a uidNumber attribute
>    The Domain Users group must have a gidNumber attribute
>    All uidNumber and gidNumber attributes must contain numbers inside the 'DOMAIN' range set in smb.conf

OK, done.

>    If you are using Domain Users as the primary group, then there is no need to give your users a gidNumber attribute containing the GID for Domain Users.

Primary group in 'Windows' or 'POSIX' way? Eg, 'primaryGroupID' or
'gidNumber'? I suppose 'primaryGroupID'...

>    If you are using Samba < 4.6.0 or are using Samba >= 4.60 and 'unix_primary_group = yes' isn't set, then any users gidNumber attributes will be treated as secondary groups

Again, here i suppose 'secondary group' both in Windows and POSIX way,
right?


> > So, i want to switch to 'unix_primary_group = yes', but i've no clear
> > at all if 'primaryGroupID' and 'gidNumber' have still to match (eg, i
> > need to change both), or it is better to leave 'primaryGroupID' to
> > Domain Users and change only gidNumber.
> No, they do not have to match and you shouldn't change the 'primaryGroupID'.
> Just add 'idmap config SAMDOM:unix_primary_group = yes' and set the required
> groups GID in the users gidNumber attribute.

Ok. But curiosity kills me. ;-)

a) what happen if i change primaryGroupID?

b) supposing to have (and samba > 4.6 and unix_primary_group = yes):

	primaryGroupID: Domain Users
	gidNumber: groupA
	other group (via 'memberOf'): groupB, groupC

 user are member of 'Domain Users', groupA, groupB and groupC both for
 Windows and POSIX?


Thanks.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)



More information about the samba mailing list