[Samba] Problems with groups, minimum gidnumber?

[Rowland penny]

On 15/05/2020 13:11, Harald Hannelius via samba wrote:
>
>
> I have succesfully migrated our users (~3900) from our Samba 3 
> DC/OpenLDAP, complete with passwords.
How did you carry out the migration ?
>
> I have some 300 + groups that I'm trying to get migrated to our Samba 
> 4 AD.
Why do need over 300 groups ?
>
> I can create the groups, but it looks from the domain-member's side 
> that groups don't work as I expect them to.
>
> - Not all groups seems to be visible by using 'getent group'. It looks 
> like groups with a gidnumber below 1000 isn't visible. Where is this 
> limit configured?
In smb.conf, might be an idea to post your smb.conf
>
> - Am I supposed to be able to list group members by using 'getent 
> group groupname'? Now the groups that are visible don't have any 
> members in them.
Yes to the first question, and how did you create the groups and add 
members to them for the second.
>
> - I have two accounts, uid 510 and 527 respectively. 510 is a member 
> of all the groups like on the Samba DC, the other one isn't a member 
> of any other groups than users(100) and BUILTIN\users. How do I debug 
> this? I suspect that if a user is defined to be a member of a group 
> with a gidnumber below a certain limit, he or she isn't going to be a 
> member of any extra groups, or something in this order.

It is possible your ID numbers are too low, one problem is that the ID 
'100' for users is only used on a DC. post your smb.conf and we will go 
from there.

Rowland