[Samba] unix_primary_group not used when writing files

[L. van Belle]

> -----Oorspronkelijk bericht-----
> Van: samba <samba-bounces at lists.samba.org> Namens Matthew
> Richardson via samba
> Verzonden: donderdag 18 augustus 2022 11:00
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] unix_primary_group not used when writing files
> 
> Hi,
> 
> Thanks for the extra info.
> >> However even with this setting and having restarted samba etc the files
> >> are still group 'domain user'.
> >
> > Yes and this IS correct and the default..
> > I recommend NOT to change it.. and you really must..
> > Change primaryGroupID in the AD, but really, use ACLS..
> 
> This doesn't seem to agree with what the Samba wiki docs say:
I think i said it wrongly..  see lower... 

> 
> https://wiki.samba.org/index.php/Idmap_config_ad
> 
> "There is now a new setting unix_primary_group, this allows you to use
> another group for the users primary group instead of Domain Users.
> 
> If this is set with unix_primary_group = yes, the users primary group is
> obtained from the gidNumber attribute found in the users AD object."
> 
> "Whichever setting you use, do not change the users primaryGroupID
> attribute, Windows relies on all users being a member of Domain Users."
Yes,.. 

Ahh, A better try to say where it is.. (* where I change it if needed). 

Only if you change the "Primary Group name/GID" in the Unix attributes tab in ADUC 
(* W7 or or W2008 or  lower versions of windows still shows the Unix tab)
That’s the resulting Group linux writes.. 
*( which is by default in windows, always "domain users")

Only when I change that on a user, I get the group. 

And I also did read the wiki again.. 
If it its all correct as you think, then you have found a bug.. 

Rowland, the "Primary Group name/GID" in the Unix attributes tab in ADUC .. 
Can you show howto get that current value from ldapsearch? 
Since I do see, or it at least looks like, the correct group was set, since it is showing the g_alice group with id command. 


Greetz, 

Louis