[Samba] unix_primary_group not used when writing files

[L. van Belle]

Hai. 


> I have subsequently worked out that to get 'getent group' to show users I
> need to add the following to smb.conf:
> 
> winbind expand groups = 1
> 
> This now gives:
> 
> $ getent group g_alice
> g_alice:x:12345:alice
> 
> However even with this setting and having restarted samba etc the files are
> still group 'domain user'. 

Yes and this IS correct and the default.. 
I recommend NOT to change it.. and you really must.. 
Change primaryGroupID in the AD, but really, use ACLS.. 

So whats set as ACL on  /home/alice  
getfacl /home/alice

Then next part..  
its what Rowland is saying, you should see all the users in the domain user group. 

Whats set in /etc/nsswitch.conf ?  since your using ubuntu and I don’t think apparmor is bugging you. 
if that’s the case you should see it in the syslog I think. 

The smb.conf is correct. Ow. ps, one thing.. 
you don’t have " winbind refresh tickets = yes" in add it.  
At least, the only thing I didn’t see. 

I have this in nsswitch.conf on my debian buster/bullseye servers. 

passwd:         compat winbind systemd
group:          compat winbind systemd
...
hosts:          files dns mdns4_minimal [NOTFOUND=return]

Also keep this in mind.. 
You can add a windows users with UID/GID in a linux group. 
You can not add a unix users to a Windows group. 

So, what I think, the primary GroupID isnt changed from "domain users" to g_alice in the AD. 
Or you hitting cache problem;  try also : net cache flush 

but I pretty sure its one of the above points. 


Greetz, 

Louis