samba - Jan 2015 - Is there any problem that can arise from remapping gidNumber?

On 01/13/2015 09:23 AM, Rowland Penny wrote:
> On 13/01/15 14:06, John Lewis wrote:
>> On 01/13/2015 06:35 AM, Rowland Penny wrote:
>>> On 13/01/15 11:33, John Lewis wrote:
>>>> This morning I remapped gidNumber from primaryGroupID to
gidNumber. I
>>>> did that because I could not change the integer in
primaryGroupID wit
>>>> ldbedt as root.
>>>>
>>>> I mapped to to a new attribute called gidNumber which has no
specific
>>>> meaning in samba. Is there any potential problems that can
arise from
>>>> doing that. Is there a better way to fix that problem?
>>>>
>>> Hmm, definitely going to need more info here, gidNumber has a
specific
>>> meaning to samba, depending on how you set up samba.
>>>    Rowland
>>>
>> I took the defaults except for rfc2307 which I enabled. I am running
>> Samba Version 4.1.11-Debian.
> 
> Yes, but what as ?? an AD DC or in classic mode i.e. just like samba3
> Might be best if you post your smb.conf (sanitised )
> 
> Rowland
I attached it to this email.
-------------- next part --------------
# Global parameters
[global]
	workgroup = OFLAMEO
	realm = D.OFLAMEO.COM
	netbios name = DRAKEBURNER
	server role = active directory domain controller
	dns forwarder = 192.168.2.1
	idmap_ldb:use rfc2307 = yes

[netlogon]
	path = /var/lib/samba/sysvol/d.oflameo.com/scripts
	read only = No

[sysvol]
	path = /var/lib/samba/sysvol
	read only = No

On 13/01/15 15:11, John Lewis wrote:
> On 01/13/2015 09:23 AM, Rowland Penny wrote:
>> On 13/01/15 14:06, John Lewis wrote:
>>> On 01/13/2015 06:35 AM, Rowland Penny wrote:
>>>> On 13/01/15 11:33, John Lewis wrote:
>>>>> This morning I remapped gidNumber from primaryGroupID to
gidNumber. I
>>>>> did that because I could not change the integer in
primaryGroupID wit
>>>>> ldbedt as root.
>>>>>
>>>>> I mapped to to a new attribute called gidNumber which has
no specific
>>>>> meaning in samba. Is there any potential problems that can
arise from
>>>>> doing that. Is there a better way to fix that problem?
>>>>>
>>>> Hmm, definitely going to need more info here, gidNumber has a
specific
>>>> meaning to samba, depending on how you set up samba.
>>>>     Rowland
>>>>
>>> I took the defaults except for rfc2307 which I enabled. I am
running
>>> Samba Version 4.1.11-Debian.
>> Yes, but what as ?? an AD DC or in classic mode i.e. just like samba3
>> Might be best if you post your smb.conf (sanitised )
>>
>> Rowland
> I attached it to this email.
>
>
OK, so you are running samba4 as an AD DC, gidNumber definitely means 
something and if you want to change a users primarygroup, you need to do 
something like this:

First give the group that you want to be the new primarygroup a 
gidNumber (told you it means something)
next, make sure the user is  a member of this group, if not, add user to 
group
get the groups RID
change the users primaryGroupID attribute to the groups RID
AD will do the rest

Rowland

On 01/13/2015 10:41 AM, Rowland Penny wrote:
> On 13/01/15 15:11, John Lewis wrote:
>> On 01/13/2015 09:23 AM, Rowland Penny wrote:
>>> On 13/01/15 14:06, John Lewis wrote:
>>>> On 01/13/2015 06:35 AM, Rowland Penny wrote:
>>>>> On 13/01/15 11:33, John Lewis wrote:
>>>>>> This morning I remapped gidNumber from primaryGroupID
to gidNumber. I
>>>>>> did that because I could not change the integer in
primaryGroupID wit
>>>>>> ldbedt as root.
>>>>>>
>>>>>> I mapped to to a new attribute called gidNumber which
has no specific
>>>>>> meaning in samba. Is there any potential problems that
can arise from
>>>>>> doing that. Is there a better way to fix that problem?
>>>>>>
>>>>> Hmm, definitely going to need more info here, gidNumber has
a specific
>>>>> meaning to samba, depending on how you set up samba.
>>>>>     Rowland
>>>>>
>>>> I took the defaults except for rfc2307 which I enabled. I am
running
>>>> Samba Version 4.1.11-Debian.
>>> Yes, but what as ?? an AD DC or in classic mode i.e. just like
samba3
>>> Might be best if you post your smb.conf (sanitised )
>>>
>>> Rowland
>> I attached it to this email.
>>
>>
> 
> OK, so you are running samba4 as an AD DC, gidNumber definitely means
> something and if you want to change a users primarygroup, you need to do
> something like this:
> 
> First give the group that you want to be the new primarygroup a
> gidNumber (told you it means something)
> next, make sure the user is  a member of this group, if not, add user to
> group
> get the groups RID
> change the users primaryGroupID attribute to the groups RID
> AD will do the rest
> 
> Rowland
> 
What attribute is the group's RID?