Matthew Richardson
2022-Aug-17 12:36 UTC
[Samba] unix_primary_group not used when writing files
Apologies - I anonymised the real user values and put 'alice' in as the group by mistake - it should say 'g_alice'. Thanks, Matthew On 17/08/2022 13:31, Rowland Penny via samba wrote:> On Wed, 2022-08-17 at 12:31 +0100, Matthew Richardson via samba wrote: >> I have a samba server (v4.13.17 - Ubuntu 20.04) set up joined to an >> AD >> domain, with the following idmap config: >> >> [global] >> workgroup = MYDOM >> realm = MYDOM.EXAMPLE.COM >> security = ads >> idmap config * : backend = tdb >> idmap config * : range = 3000 - 9999 >> idmap config MYDOM : backend = ad >> idmap config MYDOM : schema_mode = rfc2307 >> idmap config MYDOM : range = 10000 - 9999999 >> idmap config MYDOM : unix_primary_group = yes >> idmap config MYDOM : unix_nss_info = yes >> winbind use default domain = yes >> >> All users in the domain have the unix attributes set (gidNumber, >> loginShell etc). There is also a group with the same gid as the >> user's >> gidNumber, and that user is a member of that group. >> >> This shows up fine using the nss commands, e.g.: >> >> $ getent passwd alice >> >> alice:*:12345:12345:Alice Smith:/home/alice:/bin/bash >> >> $ getent group alice >> >> alice:x:12345: >> >> $ groups alice >> >> alice : alice domain users > > How have you managed to have a user called 'alice' and a group called > 'alice' ? > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/sambaThe University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. Is e buidheann carthannais a th? ann an Oilthigh Dh?n ?ideann, cl?raichte an Alba, ?ireamh cl?raidh SC005336.
Rowland Penny
2022-Aug-17 12:52 UTC
[Samba] unix_primary_group not used when writing files
On Wed, 2022-08-17 at 13:36 +0100, Matthew Richardson via samba wrote:> Apologies - I anonymised the real user values and put 'alice' in as > the > group by mistake - it should say 'g_alice'.Okay, lets try again :-) Did you add 'alice' to the group 'g_alice' ? If so, how ? You posted this: $ getent group g_alice g_alice:x:12345: Which doesn't show any users, but you also posted this: $ groups alice alice : g_alice domain users Which does show 'alice' is a member of the 'g_alice' group (if I have changed it correctly). Rowland