-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael Billerbeck wrote:
> Hello all,
>
> I have the following situation: There are users that don't have
> the well-known RID 513, so groupmapping like
> Domain Users (S-1-5-21-<domain SID part>-513) -> users doesn't
> have any effect. There are users that have the primary
> group RID 545, 2001 and 1201.
>
> That's somehow messy. Is there any chance to get the Domain
> Users into the well-known primary group rid 513? Does it then also
> make sense to give machines the well known group rid 515?
> Or is it better to change mapping by giving the rid explicitly?

The primary group SID must be in the same domain as the user's SID.
So you cannot specify a group from the BUILTIN domain to be
the primary group. There's a lot of work going on in this
area right now for the 3.0.22 release.

If I understand your question correctly, you want to force all
users' primary group SID to be S-1-5-....-513 regardless of the
primary Unix group? It's pretty easy to mod the code to do this.
But I seriously doubt it would be a change that will go into the
samba source tree.

cheers, jerry
=====================================================================
I live in a Reply-to-All world.
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFD7iNwIR7qMdg1EfYRAkKVAKDvwPq/r89XBGzRhdzBZc8ih1svCgCfZMsD
n8wKRlT45pNmiBFVU9OLrrg=SGMM
-----END PGP SIGNATURE-----
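
Added example, not part of the original message and not Samba code: a small audit that applies the rule stated in the reply (the primary group SID must share the user's domain SID, so a BUILTIN group cannot be primary) and also flags primary groups other than RID 513. The domain SIDs and account names are constructed sample data; the function names are hypothetical.

```python
import re

# S-1-<authority>-<subauthority>[-<subauthority>...]
SID_RE = re.compile(r"^S-1-\d+(?:-\d+)+$")
BUILTIN_DOMAIN = "S-1-5-32"      # well-known BUILTIN domain SID
DOMAIN_USERS_RID = 513           # well-known Domain Users RID


def split_sid(sid):
    """Split an account SID string into (domain SID, RID)."""
    if not SID_RE.match(sid):
        raise ValueError(f"not a SID: {sid!r}")
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)


def audit_primary_group(user_sid, group_sid):
    """Return a list of findings for one user's primary group SID."""
    user_dom, _ = split_sid(user_sid)
    group_dom, group_rid = split_sid(group_sid)
    if group_dom == BUILTIN_DOMAIN:
        return ["primary group is in BUILTIN, not the user's domain"]
    if group_dom != user_dom:
        return ["primary group is in a different domain than the user"]
    if group_rid != DOMAIN_USERS_RID:
        return [f"primary group RID {group_rid} is not {DOMAIN_USERS_RID}"]
    return []


def audit_accounts(accounts):
    """Map account name -> findings, omitting accounts with none."""
    report = {}
    for name, user_sid, group_sid in accounts:
        findings = audit_primary_group(user_sid, group_sid)
        if findings:
            report[name] = findings
    return report


# Constructed sample data: (name, user SID, primary group SID)
DOM = "S-1-5-21-1111111111-2222222222-3333333333"
OTHER = "S-1-5-21-4444444444-5555555555-6666666666"
SAMPLE = [
    ("alice", f"{DOM}-1001", f"{DOM}-513"),
    ("bob", f"{DOM}-1002", "S-1-5-32-545"),
    ("carol", f"{DOM}-1003", f"{DOM}-2001"),
    ("dave", f"{DOM}-1004", f"{OTHER}-513"),
]

if __name__ == "__main__":
    for name, findings in audit_accounts(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```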