Hi all In the idmap_config_ad wiki, it states .. If you use the winbind 'ad' backend, you must add a gidNumber attribute to the Domain Users group in AD. Can someone explain this? Thanks, Robert Vaughan ---------------------------------------------------------------------- This is an e-mail from General Dynamics Land Systems. It is for the intended recipient only and may contain confidential and privileged information. No one else may read, print, store, copy, forward or act in reliance on it or its attachments. If you are not the intended recipient, please return this message to the sender and delete the message and any attachments from your computer. Your cooperation is appreciated.
On Sun, 2023-02-12 at 16:40 +0000, Vaughan, Robert J via samba wrote:> Hi all > > In the idmap_config_ad wiki, it states .. > > If you use the winbind 'ad' backend, you must add a gidNumber attribute to the Domain Users group in AD. > > Can someone explain this?My guess is that failing to map the typical primary group of all users is likely to cause major service disruption. Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba
On 12/02/2023 16:40, Vaughan, Robert J via samba wrote:> Hi all > > In the idmap_config_ad wiki, it states .. > > If you use the winbind 'ad' backend, you must add a gidNumber attribute to the Domain Users group in AD. > > Can someone explain this? >Yes Every users primaryGroupID attribute is set to 513, the RID for Domain Users. Unless Domain Users has a gidNumber attribute, then no users are shown by getent passwd & id via winbind. Rowland