samba - Apr 2019 - Suggested change to Samba documentation - possible missing RFC2307 attribute prior to chown command?

Hi everyone, i've just been following the instructions about setting up 
a Samba domain member as a file shares. I am using Samba version 
4.5.16-Debian (yes its old, but i'm stuck with it for now ;) ) and I 
have been following the official Samba documentation found here:
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

I just wanted to give you a heads up, I am finding that the chown step 
described in the aforementioned documentation is a little problematic:

chown root:"Domain Admins" /srv/samba/Demo/

When I tested it on my own domain member, joining a freshly created 
domain I found this step simply won't work for users using the ad 
backend unless they have already  added a RFC2307 gidNumber value to 
group "Domain Admins".
Perhaps we/you should update the docs to describe how to set the 
gidNumber in an earlier step to avoid this issue?

Would appreciate hearing your thoughts on this.

Kind Regards

Stephen Ellwood

On Wed, 3 Apr 2019 12:33:55 +0100
Stephen via samba <samba at lists.samba.org> wrote:
> Hi everyone, i've just been following the instructions about setting
> up a Samba domain member as a file shares. I am using Samba version 
> 4.5.16-Debian (yes its old, but i'm stuck with it for now ;) ) and I 
> have been following the official Samba documentation found here:
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
> 
> I just wanted to give you a heads up, I am finding that the chown
> step described in the aforementioned documentation is a little
> problematic:
> 
> chown root:"Domain Admins" /srv/samba/Demo/
> 
> When I tested it on my own domain member, joining a freshly created 
> domain I found this step simply won't work for users using the ad 
> backend unless they have already  added a RFC2307 gidNumber value to 
> group "Domain Admins".
I have added a warning to the wiki page.
> Perhaps we/you should update the docs to describe how to set the 
> gidNumber in an earlier step to avoid this issue?
The problem is, just where to put something like this. I am not
dismissing this, just thinking about where & how ;-)

Rowland

> The problem is, just where to put something like this. I am not
> dismissing this, just thinking about where & how ;-)
Totally understand - don't worry! I'll leave it to you to decide the 
best place in the docs to flag this.
I just wanted to report this to give something back since I have had a 
ridiculous amount of help from people on this list recently.

Thanks
Stephen Ellwood