[Samba] Group, idmap, unix_primary_group ...

Marco Gaiarin gaio at sv.lnf.it
Mon Jan 27 16:18:52 UTC 2020 

> For the rest... i make some experiments and give back feedback here. ;-)

Ok, i've changed my gidNumber to avalid gid, but i'm not member of that
group:

 root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b DC=ad,DC=fvg,DC=lnf,DC=it '(&(objectClass=user)(sAMAccountName=gaio))' | egrep -i '(gid|member|group)'
 primaryGroupID: 513
 memberOf: CN=unixadm,CN=Users,DC=ad,DC=fvg,DC=lnf,DC=it
 memberOf: CN=sir,OU=Users,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it
 gidNumber: 11026

as supposed, on DC nothing changed:

 root at vdcsv1:~# id gaio
 uid=10000(LNFFVG\gaio) gid=10513(LNFFVG\domain users) gruppi=10513(LNFFVG\domain users),11001(LNFFVG\sir),10999(LNFFVG\unixadm),3000008(LNFFVG\domain admins),3000005(LNFFVG\denied rodc password replication group),10998(LNFFVG\printops),3000000(BUILTIN\administrators),3000009(BUILTIN\users)


on domain member with 'unix_primary_group = yes':

 root at vdmsv2:~# id gaio
 uid=10000(gaio) gid=11026(sv_riabili_logo) gruppi=11026(sv_riabili_logo),10513(domain users),11001(sir),10999(unixadm),10998(printops),5001(BUILTIN\users),5000

group became correctly the 'primary', but also get added automatically
to 'secondary' groups (and also 'domain users' get added
automatically).


On domanin member with 'unix_primary_group = no':

 root at vdmsv1:~# id gaio
 uid=10000(gaio) gid=10513(domain users) gruppi=10513(domain users),11001(sir),10999(unixadm),10998(printops),5001(BUILTIN\users),5000(BUILTIN\administrators)

as expected.



I've tried to create a folder on domain member with 'unix_primary_group = yes'
with permission strictly for sv_riabili_logo, and as user 'gaio' i have
no access.
So in this way, user 'gaio' by default create file as group
'sv_riabili_logo' but cannot 'group read' it.

It suffices to know that. Good. ;-)

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

More information about the samba mailing list