[Samba] unix_primary_group not used when writing files

Matthew Richardson m.richardson at ed.ac.uk
Wed Aug 17 11:31:47 UTC 2022


I have a samba server (v4.13.17 - Ubuntu 20.04) set up joined to an AD
domain, with the following idmap config:

[global]
  workgroup = MYDOM
  realm = MYDOM.EXAMPLE.COM
  security = ads
  idmap config * : backend = tdb
  idmap config * : range = 3000 - 9999
  idmap config MYDOM : backend = ad
  idmap config MYDOM : schema_mode = rfc2307
  idmap config MYDOM : range = 10000 - 9999999
  idmap config MYDOM : unix_primary_group = yes
  idmap config MYDOM : unix_nss_info = yes
  winbind use default domain = yes

All users in the domain have the unix attributes set (gidNumber,
loginShell etc). There is also a group with the same gid as the user's
gidNumber, and that user is a member of that group.

This shows up fine using the nss commands, e.g.:

$ getent passwd alice

alice:*:12345:12345:Alice Smith:/home/alice:/bin/bash

$ getent group alice

alice:x:12345:

$ groups alice

alice : alice domain users


However if I connect using smbclient and write files, they are always
group owned by 'domain users':

$ smbclient -k -L //server.example.com/alice
> put test.txt

$ ls -l /home/alice

-rwxrwxr-x+ 1 alice domain users 38 Aug 16 20:29 test.txt

Samba logging (debug level 4) during this file write correctly
identifies the primary group:

UNIX token of user 12345
  Primary group is 12345 and contains 164 supplementary groups

However it then uses domain users when writing (gid 273711):

[2022/08/16 19:12:02.052968,  2] ../../source3/smbd/open.c:1524(open_file)
  MYDOM\alice opened file test.txt read=Yes write=Yes (numopen=1)
[2022/08/16 19:12:02.060177,  3] ../../source3/smbd/posix_acls.c:1205(unpack_nt_owners)
  unpack_nt_owners: owner sid mapped to uid 12345
[2022/08/16 19:12:02.060584,  3] ../../source3/smbd/posix_acls.c:1226(unpack_nt_owners)
  unpack_nt_owners: group sid mapped to gid 273711
[2022/08/16 19:12:02.060994,  3] ../../source3/smbd/posix_acls.c:3760(set_nt_acl)
  set_nt_acl: chown test.txt. uid = 12345, gid = 273711.


Can anyone suggest what might be going on here?

Thanks,

Matthew
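
The log comparison described in the message above can be automated. This is an added example, not part of the original post and not Samba code: it scans smbd debug output for set_nt_acl chown events whose gid differs from the primary group in that user's UNIX token. The sample log is constructed from the excerpts quoted in the post, and the function name and result keys are hypothetical.

```python
import re

# Constructed sample, assembled from the log excerpts quoted in the post.
SAMPLE_LOG = """\
UNIX token of user 12345
  Primary group is 12345 and contains 164 supplementary groups
[2022/08/16 19:12:02.052968,  2] ../../source3/smbd/open.c:1524(open_file)
  MYDOM\\alice opened file test.txt read=Yes write=Yes (numopen=1)
[2022/08/16 19:12:02.060177,  3] ../../source3/smbd/posix_acls.c:1205(unpack_nt_owners)
  unpack_nt_owners: owner sid mapped to uid 12345
[2022/08/16 19:12:02.060584,  3] ../../source3/smbd/posix_acls.c:1226(unpack_nt_owners)
  unpack_nt_owners: group sid mapped to gid 273711
[2022/08/16 19:12:02.060994,  3] ../../source3/smbd/posix_acls.c:3760(set_nt_acl)
  set_nt_acl: chown test.txt. uid = 12345, gid = 273711.
"""

TOKEN_RE = re.compile(r"UNIX token of user (\d+)")
PRIMARY_RE = re.compile(r"Primary group is (\d+)")
CHOWN_RE = re.compile(r"set_nt_acl: chown (.+)\. uid = (\d+), gid = (\d+)\.")


def find_group_mismatches(log_text):
    """Return chown events whose gid differs from the token's primary group."""
    primary_by_uid = {}  # uid -> primary gid from the most recent token dump
    pending_uid = None   # uid seen on a "UNIX token" line, awaiting its group
    findings = []
    for line in log_text.splitlines():
        m = TOKEN_RE.search(line)
        if m:
            pending_uid = int(m.group(1))
            continue
        m = PRIMARY_RE.search(line)
        if m and pending_uid is not None:
            primary_by_uid[pending_uid] = int(m.group(1))
            pending_uid = None
            continue
        m = CHOWN_RE.search(line)
        if m:
            path, uid, gid = m.group(1), int(m.group(2)), int(m.group(3))
            primary = primary_by_uid.get(uid)
            # Only report when a token for this uid was seen and the gids differ.
            if primary is not None and gid != primary:
                findings.append({"path": path, "uid": uid,
                                 "chown_gid": gid, "token_primary_gid": primary})
    return findings
```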

