[Samba] Add gidNumber for group

Rowland penny rpenny at samba.org
Fri Jun 19 19:22:35 UTC 2020 

On 19/06/2020 20:09, Robert E. Wooden via samba wrote:
> On 6/19/2020 1:55 PM, Rowland penny via samba wrote:
>> ldbsearch -H /var/lib/samba/private/sam.ldb '(gidNumber=*)' | grep 
>> 'gidNumber:' | sed 's/gidNumber: //' | sort | tail -n1
>>
>> Add 1 to the output and use that.
>>
>> Rowland
>
> This is a newly setup DC and member server (both Debian 10.4 w/Samba 
> v4.12.3).
>
> I got:
>
> root at dc01:~# ldbsearch -H /var/lib/samba/private/sam.ldb 
> '(gidNumber=*)' | grep 'gidNumber:' | sed 's/gidNumber: //' | sort | 
> tail -n1
> root at dc01:~#
>
> So, adding 0+1=1 . . . (I know THAT cannot be correct.) ;-)
>
> If this helps any:
>
> root at dc01:~# wbinfo -g
> SAMDOM\cert publishers
> SAMDOM\ras and ias servers
> SAMDOM\allowed rodc password replication group
> SAMDOM\denied rodc password replication group
> SAMDOM\dnsadmins
> SAMDOM\enterprise read-only domain controllers
> SAMDOM\domain admins
> SAMDOM\domain users
> SAMDOM\domain guests
> SAMDOM\domain computers
> SAMDOM\domain controllers
> SAMDOM\schema admins
> SAMDOM\enterprise admins
> SAMDOM\group policy creator owners
> SAMDOM\read-only domain controllers
> SAMDOM\dnsupdateproxy
>
> root at dc01:~# wbinfo -n "Domain Users"
> S-1-5-21-589789-1426474111-2143966843-513 SID_DOM_GROUP (2)
>
> I have been troubleshooting to confirm a properly setup AD  DC and 
> member server.
>
> All previous tests are passing.
>
> Could I have some other issue?
>
Did you miss this:

if Domain Users does not have a gidNumber, you probably do not have any 
yet, so you can use whatever number you like, but I would recommend 
using the Number that ADUC started from: '10000'

You will probably not have any uidNumbers yet either, but if you have 
added any users, 'samba-tool user' has a similar option to the group 
one. If you haven't added any users, see 'samba-tool user create --help' 
for more info.

Again, I would start the range from '10000' a user can have the same 
uidNumber as a groups gidNumber, they will never be mistaken one for the 
other.

Rowland


Rowland

More information about the samba mailing list