[Samba] question about winbind rid idmaping

Rowland penny rpenny at samba.org
Thu Oct 29 12:07:06 UTC 2020

On 29/10/2020 11:56, Andrew Walker wrote:
> Several of the idmap backends (including idmap_rid) in samba support 
> id_type_both (the ID is both a user and a group). This is ultimately 
> needed for accurately producing Windows-style behavior regarding 
> permissions (where a group can be the owner of a file). Without 
> knowing the details of the ACL module, the best path forward would be 
> for you to figure out how to maintain windows-like behavior.

The only place that I have found id_type_both to be used, is in 
idmap.ldb on a Samba AD DC. Windows behaviour is for a group to be able 
to own files. Unix has no such concept, but it is possible for a user & 
a group to have the same name, this is not possible on Windows.

We need more info to diagnose this problem.


More information about the samba mailing list