[Samba] group and user of the same name
Rowland Penny
rpenny at samba.org
Sat Feb 12 13:50:52 UTC 2022
On Sat, 2022-02-12 at 07:27 -0600, Patrick Goetz via samba wrote:
>
> On 2/12/22 07:03, Michael Tokarev via samba wrote:
> > Hi!
> >
> > On *nix, it is common to assign user its own group
> > of the same name. On linux with shadow-utils (the
> > standard tools to add/remove users), user-own group
> > is the default and one need to specify an option when
> > creating new user to turn that off.
> >
> > But in windows world, users and groups seem to be in
> > the same namespace.
> >
> > How to manage such "personal groups" in the windows/AD
> > world (when we're talking about *moving* local users
> > to AD instead of having them both in AD and locally)?
> > Should I give the "personal group" some prefix for
> > example, like g-mjt for the mjt group?
> >
>
> If your user is in AD, Samba creates a group for you matching the
> user
Only if you are using the 'rid' idmap backend (don't think autorid does
this).
> name automatically. Since AD doesn't allow this, as you mention, I
> think
> this group exists only in a local Samba database, but an expert will
> need to chime in here.
If a user local group is created, it is only done by code and isn't
stored anywhere (other than an in an ACL)
>
> Yes, the single dumbest thing about AD is the flat namespace across
> the
> domain. No idea why an adult didn't get involved when they were
> designing this.
>
Because the users and groups are stored in ldap and use different
objectclasses.
Rowland
More information about the samba
mailing list