samba - Feb 2005 - Changing a user's primary GID

I'm using samba version 3.0.10 on an Intel PC running Redhat Linux 3.0
AS.  I am using winbind with the idmap_rid module to authenticate users
to Windows AD.  All the current Linux user account names are exactly the
same as the corresponding Windows AD SAM acct names.  Everything works
beautifully EXCEPT for the GIDs generated from the from the AD Groups
that the Windows accounts belong to.  (The UIDs are NOT a problem.)  It
seems like they all belong to the same group of "Domain Users".

This is what I DO NOT want!  At a minimum I need to have users in one of
2 Linux groups - as their primary group - a faculty or a student group
since our current utility programs use Linux group permissions to work
properly.  A student account can easily be determined from the
SAMaccountName - if it starts with a lowercase "x".  If not it is a
faculty account.

I DO NOT control the info in the Windows AD system.

Is there a way to force a user be put into a particular (LOCAL) Linux
group when logging into a Linux host running Samba winbind.  This would
be there primary group while logged in.
I really have no use for the domain group.

Is there a utility or would the code have to be hacked?  If the latter
is true what C programs need to be modified?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Wong, G. MR EECS wrote:

| I'm using samba version 3.0.10 on an Intel PC
| running Redhat Linux 3.0 AS.  I am using winbind with
| the idmap_rid module to authenticate users to Windows AD.
| All the current Linux user account names are exactly the
| same as the corresponding Windows AD SAM acct names.
| Everything works beautifully EXCEPT for the GIDs generated
| from the from the AD Groups that the Windows accounts belong
| to.  (The UIDs are NOT a problem.)  It seems like they all
| belong to the same group of "Domain Users".

This is an optimization on our part for performance
reasons.  You're not the first one to complain about it.

| This is what I DO NOT want!  At a minimum I need to have
| users in one of 2 Linux groups - as their primary group -
| a faculty or a student group since our current utility
| programs use Linux group permissions to work
| properly.  A student account can easily be determined
| from the SAMaccountName - if it starts with a lowercase "x".
| If not it is a faculty account.
|
| I DO NOT control the info in the Windows AD system.
|
| Is there a way to force a user be put into a
| particular (LOCAL) Linux group when logging into a
| Linux host running Samba winbind.  This would
| be there primary group while logged in.
| I really have no use for the domain group.
|
| Is there a utility or would the code have to be
| hacked?  If the latter is true what C programs need
| to be modified?

Look at source/ nsswitch/winbindd_user.c and modify
the winbind_fill_pwent() IIRC.  You can change this
to do what you want.




cheers, jerry
====================================================================Alleviating
the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back."     Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCA9gjIR7qMdg1EfYRAiS7AKCOtkP3TJpmR2kLtS11tzpC/UMNWwCgoNmb
vuFPC6FuAjvY4kDjar5qrN0=AAoD
-----END PGP SIGNATURE-----

Mr. G,

Are you using the "net groupmap" facility to assign local UNIX groups
to your
Windows Domain Groups?

ie: net groupmap modify ntgroup="Domain Whatsis" unixgroup=aunixgroup

- John T.

On Friday 04 February 2005 13:06, Wong, G. MR   EECS
wrote:
> I'm using samba version 3.0.10 on an Intel PC running Redhat Linux 3.0
> AS.  I am using winbind with the idmap_rid module to authenticate users
> to Windows AD.  All the current Linux user account names are exactly the
> same as the corresponding Windows AD SAM acct names.  Everything works
> beautifully EXCEPT for the GIDs generated from the from the AD Groups
> that the Windows accounts belong to.  (The UIDs are NOT a problem.)  It
> seems like they all belong to the same group of "Domain Users".
>
> This is what I DO NOT want!  At a minimum I need to have users in one of
> 2 Linux groups - as their primary group - a faculty or a student group
> since our current utility programs use Linux group permissions to work
> properly.  A student account can easily be determined from the
> SAMaccountName - if it starts with a lowercase "x".  If not it is
a
> faculty account.
>
> I DO NOT control the info in the Windows AD system.
>
> Is there a way to force a user be put into a particular (LOCAL) Linux
> group when logging into a Linux host running Samba winbind.  This would
> be there primary group while logged in.
> I really have no use for the domain group.
>
> Is there a utility or would the code have to be hacked?  If the latter
> is true what C programs need to be modified?
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.

Hi,

I'm following the configuration examples and I can't see a samba share
from
my XP box can you help me?

My smb.conf goes like this

[global]
	workgroup = MIDEARTH
	netbios name = HOBBIT
	security = share

[data]
	comment = Data
	path = /export
	read only = Yes
	guest only = Yes


Regards
Rui

Hi all,

How can I know if Samba is running properly?

Thanks
Rui

rmgsantos@sapo.pt wrote:
> Hi all,
> 
> How can I know if Samba is running properly?
What exactly are you trying to determine?
ps -wuax | grep -E "smb|nmb"
  - will show you if/what the processes are running

what does smbstatus show?
  - this will show the status of all things samba

Jeff

> 
> Thanks
> Rui
> 
>