[Samba] rid backend special group handling
d tbsky
tbskyd at gmail.com
Wed Mar 1 14:59:45 UTC 2023
Hi:
I want to convert our samba file server from rfc2307 to rid backend.
the configuration looks like:
idmap config *:backend = tdb
idmap config *:range = 5000-9999
idmap config SAMDOM:backend = rid
idmap config SAMDOM:range = 10000-999999
idmap config SAMDOM:unix_primary_group = yes
Most things work fine. normal user-id and group-id changed. so we
change owners and acls to correct new id, then the file server works
as usual.
but now there are new windows users/groups which we didn't set rfc2307
attributes before coming to our file server. "domain users" is fine.
in windows we can also see accounts belonging to "domain users". and
"domain users" also get a new gid correctly under linux.
What confuses me is the "BUILTIN\users" group. Now with command "id
my-account" I can see my account also belongs to the "BUILTIN\users"
group.
and the group id is "1000032" which is outside my new configuration range.
I didn't see that group under rfc2307 backend before. but I know the
"1000032" id comes from my old config, which has "idmap config *:range
= 1000000-1999999".
After some trying I finally got rid of "1000032" by deleting
"group_mapping.tdb" and let samba recreate it to get the new id under
"5000-9999".
I want to know more about how samba deals with these special groups.
There is little information at wiki. After searching the email list, I
found some discussion that only "Administrators","Guests","Users"
Builtin groups are mapped under samba.
Is there more information about how sambe handles these special groups?
Regards,
tbskyd
More information about the samba
mailing list