[Samba] libpam-winbind mkhomedir

Andrew Walker walker.aj325 at gmail.com
Tue Jun 1 21:41:44 UTC 2021


On Tue, Jun 1, 2021 at 4:41 PM Rowland penny via samba <
samba at lists.samba.org> wrote:

> On 01/06/2021 21:31, Andrew Walker wrote:
> > On Tue, Jun 1, 2021 at 3:53 AM Rowland penny via samba
> > <samba at lists.samba.org> wrote:
> >
> >     This doesn't affect Linux unless your computers gain a uidNumber
> >     and congratulations, you appear to have found
> >     a bug.
> >
> >
> > I believe the RID backend, which is being used here, can provide idmapping
> > for computer accounts, since it just algorithmically maps IDs to SIDs.
> > This can be helpful in some situations IIRC where Windows may attempt
> > to authenticate to the samba server using its machine account rather
> > than the account of the currently logged in user. I believe some
> > backup software does this.
>
>
> I found this out, I had never thought to run 'getent passwd' with a
> computer name, but when I tried it using the 'rid' backend, it worked.
> In my opinion it shouldn't, but if it has to, it shouldn't show the
> computer's primary group as Domain Users.
>
> Rowland
>

I'll have to think about this some, but I think I agree on this point.
Perhaps for idmap backends supporting ID_TYPE_BOTH, we could just set
primary gid to uid.

