Rowland Penny
2022-Dec-19 15:09 UTC
[Samba] R: group 'Domain User' has changed rid in a new server
On 19/12/2022 15:00, Corrado Ravinetto wrote:> Rowland thanks a lot. > This choice arrive from an old samba 3 installed many years ago, i think quite 20 years, then upgraded, upgraded and upgraded. > The problem is not how to change rights on files but how can i change PrimaryGroupID on all users ??There is no sane way of doing this. You could use the 'ad' idmap backend and give every user a uidNumber attribute containing a unique number and Domain Users a gidNumber attribute containing '513' Your idmap config line would have to be something like this: idmap config DOMAIN : range = 500-9999999 I cannot recommend doing this, it removes the possibility of any local Unix users. It will be a lot more work (and it will be ongoing) than changing the group ownership of the files through a script. Rowland
Corrado Ravinetto
2022-Dec-19 15:55 UTC
[Samba] R: R: group 'Domain User' has changed rid in a new server
I changed my smb.conf with this parameter, but nothing change ?
idmap config * : range = 9000-17999
idmap config lxcerruti : backend = ad
idmap config lxcerruti : range = 500-8999
idmap config lxcerruti : unix_nss_info = yes
idmap config lxcerruti : unix primary_goup = yes
idmap config * : backend = tdb
[root at dm ~]# getent group "LXCERRUTI\\Domain Users"
domain users:x:110513:
-----Messaggio originale-----
Da: samba <samba-bounces at lists.samba.org> Per conto di Rowland Penny
via samba
Inviato: luned? 19 dicembre 2022 16:10
A: samba at lists.samba.org
Cc: Rowland Penny <rpenny at samba.org>
Oggetto: Re: [Samba] R: group 'Domain User' has changed rid in a new
server
On 19/12/2022 15:00, Corrado Ravinetto wrote:> Rowland thanks a lot.
> This choice arrive from an old samba 3 installed many years ago, i think
quite 20 years, then upgraded, upgraded and upgraded.
> The problem is not how to change rights on files but how can i change
PrimaryGroupID on all users ??
There is no sane way of doing this.
You could use the 'ad' idmap backend and give every user a uidNumber
attribute containing a unique number and Domain Users a gidNumber attribute
containing '513'
Your idmap config line would have to be something like this:
idmap config DOMAIN : range = 500-9999999
I cannot recommend doing this, it removes the possibility of any local Unix
users.
It will be a lot more work (and it will be ongoing) than changing the group
ownership of the files through a script.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Corrado Ravinetto
Sistemi informativi
corrado.ravinetto at lanificiocerruti.com <mailto:corrado.ravinetto at
lanificiocerruti.com>
T: +39 015 3591283
[Lanificio F.lli CERRUTI]
Lanificio F.lli Cerruti S.p.A.
Via Cernaia 40, 13900 - Biella (BI) Italy
www.lanificiocerruti.com <http://www.lanificiocerruti.com/>
[Twitter] <https://twitter.com/Lan_Cerruti> [Facebook]
<https://www.facebook.com/LanificioCerruti> [Instagram]
<https://www.instagram.com/lanificiocerruti/>
Rispetta l'ambiente, non stampare questa mail se non necessario
Respect the environment, don't print unless necessary
[Unesco]