[Samba] getent shows only local entries.

Rowland Penny rpenny at samba.org
Sun Jan 26 14:52:50 UTC 2020


On 26/01/2020 14:21, Daniel Lang via samba wrote:
> Thank you very much for this information. That brings me a big step forward.
>
> I expanded the required Attributes on the Groups. Now I see it with
> "getent group".
>
> INTERN\domain admins:x:10001:
> INTERN\domain users:x:10000:
>
> But, the primaryGroupID Attribute from the User has a default value
> 513 = (GROUP_RID_USERS). It throws an exception when I try to change
> this to 10000
>
> "error in module samldb: Unwilling to perform during LDB_MODIFY(53)

This first message is aimed at Marco Gaiarin:

See, I told you trying to change primaryGroupID wasn't a good idea ;-)

Now back to the thread:

Windows expects all users to be members of the group 'Domain Users', and 
if you do manage to change '513' to '10000', then that user will no 
longer be a member of 'Domain Users'. What you are attempting to do is 
replace a RID with a UidNumber, so you could try replacing the '513' 
with the RID for the group that has the uidNumber, but then, there would 
be no point in doing that, would there?

If you wish to have different private user groups for your users (note: 
your Unix users do not have primary groups, as far as I can see, there 
is no concept of 'primary group' in Unix, users have private groups), 
you must use Samba >= 4.6.0 and add 'idmap config 
SAMDOM:unix_primary_group = yes' to your smb.conf. Your users will then 
use the group whose gidNumber you set in the user's AD object.

Rowland
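
The smb.conf setting described in the message above, shown in context as an added example that is not part of the original post. It assumes a domain member using the idmap 'ad' backend with RFC2307 attributes; INTERN is the domain name from the getent output in the thread, and the ID ranges are assumed values chosen to include the gidNumbers 10000 and 10001 shown there.

```ini
[global]
    workgroup = INTERN

    # Default domain: BUILTIN and any domain without its own idmap config.
    # Assumed range; it must not overlap the INTERN range below.
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999

    # INTERN: read uidNumber/gidNumber from the AD objects (RFC2307 schema).
    # Assumed range; objects whose IDs fall outside it are not mapped.
    idmap config INTERN : backend = ad
    idmap config INTERN : schema_mode = rfc2307
    idmap config INTERN : range = 10000-999999

    # Samba >= 4.6.0. Default is "no": the Unix primary group is derived from
    # primaryGroupID (513, Domain Users), so that group needs a gidNumber.
    # With "yes", winbind uses the gidNumber set on the user's own AD object.
    idmap config INTERN : unix_primary_group = yes
```

With this in place primaryGroupID stays at 513, so the account remains a member of Domain Users on the Windows side, while the Unix primary group comes from the user's gidNumber. That gidNumber has to fall inside the configured range and match a group that carries the same gidNumber.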




