Hi, if you use the UNIX attributes the primary group is ignored if you use winbind and the primary group of the AD attributes is used. So every user has the "Domain Users" group as primary group. I also read that you are not supposed to change the AD primary group to another than "Domain Users". Is there a way to set the UNIX primary group to another group without causing trouble in Windows? Perhaps create a group which is member of the "Domain Users" and make this the primary AD group? -- Viele Gr??e Andreas Hauffe
On 18:06:54 wrote Andreas Hauffe:> Hi, > > if you use the UNIX attributes the primary group is ignored if you > use winbind and the primary group of the AD attributes is used. So > every user has the "Domain Users" group as primary group. I also > read that you are not supposed to change the AD primary group to > another than "Domain Users". Is there a way to set the UNIX primary > group to another group without causing trouble in Windows? Perhaps > create a group which is member of the "Domain Users" and make this > the primary AD group?Read this: https://technet.microsoft.com/en-us/library/cc776334%28v=ws.10%29.aspx and https://technet.microsoft.com/en-us/library/cc758426%28v=ws.10%29.aspx We use often other primary groups for several reasons. Important is: 1. Sync unix and windows primary group manually. Make admins life easier in mixed environments. 2. Each user should be member of "Domain Users". At least as secondary group. -- Regards Harry Jede
Hi, thanks for your answer. Just last question. What do you mean with "secondary group"? a) The user is member of the "Domain Users" beside the primary group. b) The primary group itself is member of the "Domain Users" and the user that way a member of "Domain Users". -- Viele Gr??e Andreas Hauffe Am Sonntag, 15. Februar 2015, 22:50:33 schrieb Harry Jede:> On 18:06:54 wrote Andreas Hauffe: > > Hi, > > > > if you use the UNIX attributes the primary group is ignored if you > > use winbind and the primary group of the AD attributes is used. So > > every user has the "Domain Users" group as primary group. I also > > read that you are not supposed to change the AD primary group to > > another than "Domain Users". Is there a way to set the UNIX primary > > group to another group without causing trouble in Windows? Perhaps > > create a group which is member of the "Domain Users" and make this > > the primary AD group? > > Read this: > https://technet.microsoft.com/en-us/library/cc776334%28v=ws.10%29.aspx > and > https://technet.microsoft.com/en-us/library/cc758426%28v=ws.10%29.aspx > > We use often other primary groups for several reasons. Important is: > 1. Sync unix and windows primary group manually. Make admins life easier > in mixed environments. > 2. Each user should be member of "Domain Users". At least as secondary > group.