[Samba] map gidNumber

Rowland penny rpenny at samba.org
Thu Jul 23 13:23:44 UTC 2020


On 23/07/2020 14:07, basti via samba wrote:
> hello,
> is there a way to map usergroups via winbind?
>
> I need 'getent passwd':
> testuser:x:7072:513::/home/users/testuser:/bin/bash
>
> but I get:
> testuser:x:7072:30000::/home/users/testuser:/bin/bash
>
> gidNumber is set to 513 in samba-ldap.
>
> cat /etc/samba/smb.conf
> [global]
>         # Default ID mapping configuration for local BUILTIN accounts
>         # and groups on a domain member. The default (*) domain:
>         # - must not overlap with any domain ID mapping configuration!
>         # - must use an read-write-enabled back end, such as tdb.
>         idmap config * : backend = tdb
>         idmap config * : range = 1000-2000
>
>         # idmap config for the SAMDOM domain
>         idmap config SAMDOM:backend = ad
>         idmap config SAMDOM:schema_mode = rfc2307
>         idmap config SAMDOM:range = 2001-999999
>         idmap config SAMDOM:unix_nss_info = yes

You are never going to get '513' to show as the users primary group ID, 
because it is less than the lower DOMAIN range you have set in smb.conf. 
Any uidNumber or gidNumber attributes containing a number less than 
'2001' will be ignored, I am still trying to understand where the 
'30000' came from ?

Rowland





More information about the samba mailing list