SSSD has auto_private_groups setting which effectively automatically creates a private user group when getting users from AD that either don't have gidNumber set for them or have gidNumber set to be the same as uidNumber. Is there any option in Winbind that could help achieve a similar result? Say, I have a user 'alexey' with uidNumber 1174235, when I run `id alexey` I want to get 'uid=1174235(alexey) gid=1174235(alexey)' instead of 'uid=1174235(alexey) gid=1174235' and a '/usr/bin/id: cannot find name for group ID 1174235' message when opening terminal.

Maybe a workaround? We use winbind and default domain. Therefore there are two records from getent if there's a local user with the same name (and different uid). However, I just did a test creating a local user with the uid from winbind and created the associated group. So, for my cjcox test user when logged into a shell I get:

$ id
uid=16777219(cjcox) gid=16777219(cjcox) groups=16777219(cjcox),16777217(BUILTIN\users), etc...

and I only get one entry back from getent passwd.

On 2/27/20 5:28 PM, Alexey A Nikitin via samba wrote:
> SSSD has auto_private_groups setting which effectively automatically creates a private user group when getting users from AD that either don't have gidNumber set for them or have gidNumber set to be the same as uidNumber. Is there any option in Winbind that could help achieve a similar result? Say, I have a user 'alexey' with uidNumber 1174235, when I run `id alexey` I want to get 'uid=1174235(alexey) gid=1174235(alexey)' instead of 'uid=1174235(alexey) gid=1174235' and a '/usr/bin/id: cannot find name for group ID 1174235' message when opening terminal.

On 27/02/2020 23:28, Alexey A Nikitin via samba wrote:
> SSSD has auto_private_groups setting which effectively automatically creates a private user group when getting users from AD that either don't have gidNumber set for them or have gidNumber set to be the same as uidNumber.

It sounds like sssd is doing something similar to what idmap.ldb does on a Samba DC. On a DC a group can be a group and a user. There is nothing like this on a Unix domain member, the nearest you can get is by using the winbind 'ad' backend on Samba >= 4.6.0 and adding 'idmap config SAMDOM:unix_primary_group = yes' to the smb.conf. With this you can set individual primary groups for each user, but they cannot have the same name as the user.

Why you would want to do this, defeats me, yes I know that you are used to user private groups, but Windows works very well without them.

Rowland

On 28/02/2020 00:00, Christopher Cox via samba wrote:
> Maybe a workaround? We use winbind and default domain. Therefore
> there are two records from getent if there's a local user with the
> same name (and different uid). However, I just did a test creating a
> local user with the uid from winbind and created the associated
> group. So, for my cjcox test user when logged into a shell I get:
>
> $ id
> uid=16777219(cjcox) gid=16777219(cjcox)
> groups=16777219(cjcox),16777217(BUILTIN\users), etc...
>
> and I only get one entry back from getent passwd.

It sounds like you have a borked setup and I would love to know how you are creating a user or group with the same name as an existing one. Whenever I try, it fails with something like 'error, user exists'.

Rowland
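
Added example, not part of the thread and not Samba or SSSD code: a small audit for the two conditions discussed above, a primary GID that resolves to no group name (the `cannot find name for group ID` symptom) and one user name mapped to more than one UID. The function names and the sample passwd/group lines are constructed for illustration; input is text in `getent passwd` / `getent group` format.

```python
# Added example: audits passwd/group text for the two symptoms in this thread.
# All sample entries below are constructed; names and IDs are illustrative only.
from collections import defaultdict


def parse_passwd(text):
    """Return a list of (name, uid, gid) tuples from passwd-format lines."""
    entries = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        # Skip blank, comment or malformed lines (non-numeric uid/gid).
        if len(fields) >= 4 and fields[2].isdigit() and fields[3].isdigit():
            entries.append((fields[0], int(fields[2]), int(fields[3])))
    return entries


def parse_group(text):
    """Return {gid: group name} from group-format lines (first name wins)."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            groups.setdefault(int(fields[2]), fields[0])
    return groups


def audit(passwd_text, group_text):
    """Report unresolvable primary GIDs and user names that map to several UIDs."""
    groups = parse_group(group_text)
    uids_by_name = defaultdict(set)
    unresolved = []
    for name, uid, gid in parse_passwd(passwd_text):
        uids_by_name[name].add(uid)
        if gid not in groups:  # `id` would print the bare number for this GID
            unresolved.append((name, gid))
    duplicates = {n: sorted(u) for n, u in uids_by_name.items() if len(u) > 1}
    return {"unresolved_primary_gid": unresolved, "duplicate_names": duplicates}


# Constructed sample: a local and a winbind 'cjcox', and 'alexey' with gid == uid.
SAMPLE_PASSWD = r"""
alexey:*:1174235:1174235::/home/alexey:/bin/bash
cjcox:x:1001:1001::/home/cjcox:/bin/bash
cjcox:*:16777219:16777217::/home/cjcox:/bin/bash
"""
SAMPLE_GROUP = r"""
cjcox:x:1001:
BUILTIN\users:x:16777217:
"""

if __name__ == "__main__":
    print(audit(SAMPLE_PASSWD, SAMPLE_GROUP))
```

On a live domain member, pass in the output of `getent passwd <name>` for the accounts of interest together with `getent group`, since winbind does not enumerate domain users unless enumeration is enabled.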