[Samba] UID translation mystery or Festivus miracle?
Rowland Penny
rpenny at samba.org
Tue Jan 4 16:28:37 UTC 2022
On Tue, 2022-01-04 at 10:05 -0600, Patrick Goetz via samba wrote:
>
> About this, though:
>
> > The magic of 'id_type_both', Samba creates a usergroup if one does
> not
> > exist.
>
> I thought of this and used ADUC to look for a pgoetz group in the
> domain, but found none. Is this a persistent group, and if so,
> how/where
> is it stored that it can't be found by ADUC?
Sorry, I didn't tell you enough, you only get the usergroups on a Unix
domain member with the 'rid' backend (you may get them with the
'autorid' backend, but I haven't tested it). If you look in idmap.ldb
on a DC, you will find 'ID_TYPE_BOTH', but it isn't shown by getent,
the same goes for the 'ad' backend on a Unix domain member. On a Unix
domain member using the 'rid' backend, you will get something like
this:
adminuser at deb11:~$ id rowland
uid=11107(rowland) gid=10513(domain_users)
groups=10513(domain_users),11107(rowland).................
And
adminuser at deb11:~$ getent group rowland
rowland:x:11107:rowland
I can assure you that there isn't a group called 'rowland' anywhere, it
is all done in code.
Rowland
More information about the samba
mailing list