[Samba] map gidNumber

Rowland penny rpenny at samba.org
Thu Jul 23 13:44:05 UTC 2020 

On 23/07/2020 14:29, basti via samba wrote:
> On 23.07.20 15:23, Rowland penny via samba wrote:
>> On 23/07/2020 14:07, basti via samba wrote:
>>> hello,
>>> is there a way to map usergroups via winbind?
>>>
>>> I need 'getent passwd':
>>> testuser:x:7072:513::/home/users/testuser:/bin/bash
>>>
>>> but I get:
>>> testuser:x:7072:30000::/home/users/testuser:/bin/bash
>>>
>>> gidNumber is set to 513 in samba-ldap.
>>>
>>> cat /etc/samba/smb.conf
>>> [global]
>>>          # Default ID mapping configuration for local BUILTIN accounts
>>>          # and groups on a domain member. The default (*) domain:
>>>          # - must not overlap with any domain ID mapping configuration!
>>>          # - must use an read-write-enabled back end, such as tdb.
>>>          idmap config * : backend = tdb
>>>          idmap config * : range = 1000-2000
>>>
>>>          # idmap config for the SAMDOM domain
>>>          idmap config SAMDOM:backend = ad
>>>          idmap config SAMDOM:schema_mode = rfc2307
>>>          idmap config SAMDOM:range = 2001-999999
>>>          idmap config SAMDOM:unix_nss_info = yes
>> You are never going to get '513' to show as the users primary group ID,
>> because it is less than the lower DOMAIN range you have set in smb.conf.
>> Any uidNumber or gidNumber attributes containing a number less than
>> '2001' will be ignored, I am still trying to understand where the
>> '30000' came from ?
>>
>> Rowland
> ah ok i understand.
I don't ;-)
>
> dn: CN=Users,CN=Builtin,DC=samdom,DC=example,DC=com
> gidNumber: 30000
>
> in my samba ldap.
> whats your gidNumber of that dn?

Mine doesn't have a gidNumber, because it is a container, so if your 
object is similar to this:

objectClass: top
objectClass: container
cn: Users
description: Default container for upgraded user accounts
instanceType: 4
whenCreated: 20151106115615.0Z
whenChanged: 20151106115615.0Z
uSNCreated: 4832
showInAdvancedViewOnly: FALSE
name: Users
objectGUID: 71ddda0c-3c86-40c6-8ad2-1c81aeacf0da
systemFlags: -1946157056
objectCategory: 
CN=Container,CN=Schema,CN=Configuration,DC=samdom,DC=example,D
  C=com
isCriticalSystemObject: TRUE
uSNChanged: 4935
distinguishedName: CN=Users,DC=samdom,DC=example,DC=com

and also has the line:

gidNumber: 30000

Then remove the gidNumber line.

Rowland

More information about the samba mailing list