[Samba] Add gidNumber for group
rpenny at samba.org
Fri Jun 19 19:22:35 UTC 2020
On 19/06/2020 20:09, Robert E. Wooden via samba wrote:
> On 6/19/2020 1:55 PM, Rowland penny via samba wrote:
>> ldbsearch -H /var/lib/samba/private/sam.ldb '(gidNumber=*)' | grep
>> 'gidNumber:' | sed 's/gidNumber: //' | sort | tail -n1
>> Add 1 to the output and use that.
> This is a newly setup DC and member server (both Debian 10.4 w/Samba
> I got:
> root at dc01:~# ldbsearch -H /var/lib/samba/private/sam.ldb
> '(gidNumber=*)' | grep 'gidNumber:' | sed 's/gidNumber: //' | sort |
> tail -n1
> root at dc01:~#
> So, adding 0+1=1 . . . (I know THAT cannot be correct.) ;-)
> If this helps any:
> root at dc01:~# wbinfo -g
> SAMDOM\cert publishers
> SAMDOM\ras and ias servers
> SAMDOM\allowed rodc password replication group
> SAMDOM\denied rodc password replication group
> SAMDOM\enterprise read-only domain controllers
> SAMDOM\domain admins
> SAMDOM\domain users
> SAMDOM\domain guests
> SAMDOM\domain computers
> SAMDOM\domain controllers
> SAMDOM\schema admins
> SAMDOM\enterprise admins
> SAMDOM\group policy creator owners
> SAMDOM\read-only domain controllers
> root at dc01:~# wbinfo -n "Domain Users"
> S-1-5-21-589789-1426474111-2143966843-513 SID_DOM_GROUP (2)
> I have been troubleshooting to confirm a properly setup AD DC and
> member server.
> All previous tests are passing.
> Could I have some other issue?
Did you miss this:
if Domain Users does not have a gidNumber, you probably do not have any
yet, so you can use whatever number you like, but I would recommend
using the Number that ADUC started from: '10000'
You will probably not have any uidNumbers yet either, but if you have
added any users, 'samba-tool user' has a similar option to the group
one. If you haven't added any users, see 'samba-tool user create --help'
for more info.
Again, I would start the range from '10000' a user can have the same
uidNumber as a groups gidNumber, they will never be mistaken one for the
More information about the samba