[Samba] Samba groups vs Linux groups.

Rowland Penny rpenny at samba.org
Fri May 7 09:15:56 UTC 2021


On 07/05/2021 09:56, Jason Long via samba wrote:
> Hello,
> When I use the "samba-tool group create "GROUPNAME"" command to create a group, then that is not a normal Linux group?


It sounds like you need to forget a lot of what you know about Samba and 
learn the new ways of doing things.

Here is an example:

rowland@devstation:~$ getent passwd rowland
rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
rowland@devstation:~$ cat /etc/passwd | grep rowland
rowland@devstation:~$

As you can see, I am quite clearly a Unix user, but I am not in /etc/passwd.

All your users and groups are created in AD and you map them to Unix 
users and groups with the 'idmap config' lines in your smb.conf.

If you do not want to add anything extra to AD, the easiest method is 
the winbind 'rid' backend, but you only get Unix IDs.

If you want users to have different home dirs, shells, etc., you need to 
use the 'ad' backend, but you must add rfc2307 attributes to AD.

If you have trusted domains, then there is the 'autorid' backend, which 
works similarly to the 'rid' backend.

You can find more info here:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Rowland


> For example:
>
> # wbinfo -g
> MYDOMAIN\cert publishers
> MYDOMAIN\ras and ias servers
> MYDOMAIN\allowed rodc password replication group
> MYDOMAIN\denied rodc password replication group
> MYDOMAIN\dnsadmins
> MYDOMAIN\enterprise read-only domain controllers
> MYDOMAIN\domain admins
> MYDOMAIN\domain users
> MYDOMAIN\domain guests
> MYDOMAIN\domain computers
> MYDOMAIN\domain controllers
> MYDOMAIN\schema admins
> MYDOMAIN\enterprise admins
> MYDOMAIN\group policy creator owners
> MYDOMAIN\read-only domain controllers
> MYDOMAIN\dnsupdateproxy
> MYDOMAIN\login2
>
> # getent group
> root:x:0:
> bin:x:1:
> daemon:x:2:
> ...
> user1:x:982:
> login:x:1000:user2,user3
> user2:x:981:
> user3:x:980:
>
>
> In the output of the "wbinfo -g" command, I can't see the "login" group, and in the output of the "getent group" command, I can't see the "login2" group.
>
> Thanks.
>
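
The 'idmap config' lines mentioned in the reply above, as an added example that is not part of the original message: an smb.conf [global] fragment for a domain member using the 'rid' backend, with the 'ad' backend as a commented-out alternative. The realm and the ID ranges are assumed values; MYDOMAIN is the domain name from the wbinfo output in the thread.

```ini
[global]
    security = ADS
    workgroup = MYDOMAIN
    # Assumed realm, replace with your own Kerberos realm.
    realm = MYDOMAIN.EXAMPLE.COM

    # Default domain (*): covers BUILTIN and anything not matched below.
    # The range must not overlap the range of any other domain, or two
    # different accounts can end up with the same Unix ID and therefore
    # the same file permissions.
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999

    # Option 1: 'rid' backend. Nothing extra is stored in AD; the Unix ID
    # is calculated from the RID, so every domain member using the same
    # range gets the same IDs. Home directory and shell are the same
    # template for every user.
    idmap config MYDOMAIN : backend = rid
    idmap config MYDOMAIN : range = 10000-999999
    template shell = /bin/bash
    template homedir = /home/%U

    # Option 2: 'ad' backend. IDs are read from the rfc2307 attributes
    # (uidNumber, gidNumber) that you add to each user and group in AD.
    # Accounts without those attributes are not mapped at all.
    # Use instead of option 1, never both for the same domain.
    # idmap config MYDOMAIN : backend = ad
    # idmap config MYDOMAIN : schema_mode = rfc2307
    # idmap config MYDOMAIN : range = 10000-999999
    # idmap config MYDOMAIN : unix_nss_info = yes

    # 'getent group' with no argument lists domain groups only when
    # enumeration is enabled; 'getent group <name>' works without it.
    # winbind enum groups = yes

# /etc/nsswitch.conf also needs winbind after files, otherwise getent
# never asks winbind and only local accounts are returned:
#   passwd: files winbind
#   group:  files winbind
```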



