What I'm offering is a solution.

Again, what I proposed is a functional workaround. It's actually pretty natural and obvious when you get right down to it.

On 2/28/20 8:00 AM, Rowland penny via samba wrote:
> On 28/02/2020 13:24, chriscox--- via samba wrote:
>> Manually. Direct edit of passwd and group.
>> Sent from my Sprint Phone.
>> ------ Original message ------
>> From: Rowland penny via samba
>> Date: Fri, Feb 28, 2020 2:04 AM
>> To: samba at lists.samba.org;
>> Cc:
>> Subject: Re: [Samba] auto_private_groups analogue?
>> On 28/02/2020 00:00, Christopher Cox via samba wrote:
>>> Maybe a workaround? We use winbind and default domain. Therefore
>>> there are two records from getent if there's a local user with the
>>> same name (and different uid). However, I just did a test creating a
>>> local user with the uid from winbind and created the associated
>>> group. So, for my cjcox test user when logged into a shell I get:
>>>
>>> $ id
>>> uid=16777219(cjcox) gid=16777219(cjcox)
>>> groups=16777219(cjcox),16777217(BUILTIN\users), etc...
>>>
>>> and I only get one entry back from getent passwd.
>> It sounds like you have a borked setup and I would love to know how you
>> are creating a user or group with the same name as an existing one.
>> Whenever I try, it fails with something like
>> 'error, user exists'.
>>
>> Rowland
>>
> I wouldn't send emails from that phone if I were you, I had to read it three
> times before I spotted your reply ;-)
>
> AND
>
> That is a stupid way to add users or groups, I cannot recommend using it.
>
> Rowland
On 28/02/2020 17:18, Christopher Cox via samba wrote:
> What I'm offering is a solution.
>
> Again, what I proposed is a functional workaround. It's actually
> pretty natural and obvious when you get right down to it.
>
No it isn't. If you try to add a local user to a domain joined Unix computer and that user exists in AD, you will not be allowed to. The same goes for groups. You cannot add a user or group to AD if it exists in /etc/passwd or /etc/group.

Your idea to manually edit /etc/passwd or /etc/group isn't a workaround, it is a botch to get around the above. If you do create users or groups as you suggest, then the user or group in /etc/* will be used instead of the ones in AD and what if you actually meant the one in AD?

Rowland
On 2/28/20 11:29 AM, Rowland penny via samba wrote:
> On 28/02/2020 17:18, Christopher Cox via samba wrote:
>> What I'm offering is a solution.
>>
>> Again, what I proposed is a functional workaround. It's actually pretty
>> natural and obvious when you get right down to it.
>>
> No it isn't. If you try to add a local user to a domain joined Unix computer and
> that user exists in AD, you will not be allowed to. The same goes for groups.
> You cannot add a user or group to AD if it exists in /etc/passwd or /etc/group.
>
> Your idea to manually edit /etc/passwd or /etc/group isn't a workaround, it is a
> botch to get around the above. If you do create users or groups as you suggest,
> then the user or group in /etc/* will be used instead of the ones in AD and what
> if you actually meant the one in AD?
>
> Rowland

Really don't know why you're doing this? Is there something else going on in your life right now?

I stand by my workaround.
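
Added example, not part of any message in this thread: a shell check for the name collision the posters are arguing about. It lists account names present both in a local passwd file and in winbind's passwd output, and whether the uids match. It assumes `winbind use default domain = yes` (as in the thread) and an nsswitch.conf that lists `files` before `winbind`, so the local entry is the one returned. The function names, file names and every sample entry except cjcox are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Audits local passwd entries whose
# names also exist in the domain, i.e. local accounts that take precedence
# over the AD account of the same name.
# Assumptions: names carry no DOMAIN\ prefix (winbind default domain) and
# nsswitch.conf has "passwd: files winbind".
#
# On a real host the two inputs would be /etc/passwd and the saved output of
# "getent -s winbind passwd" (needs winbind user enumeration enabled).

# find_shadowed LOCAL_PASSWD DOMAIN_PASSWD
# Prints one line per colliding name:
#   name local_uid domain_uid same-uid|uid-mismatch
find_shadowed() {
    awk -F: '
        # First file on the awk command line is the domain listing.
        FILENAME == ARGV[1] {
            if ($1 != "" && $1 !~ /^#/) dom[$1] = $3
            next
        }
        # Second file is the local passwd file.
        ($1 in dom) {
            status = ($3 == dom[$1]) ? "same-uid" : "uid-mismatch"
            print $1, $3, dom[$1], status
        }
    ' "$2" "$1"
}

# demo: runs the check over constructed sample data.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/local" <<'EOF'
root:x:0:0:root:/root:/bin/bash
cjcox:x:16777219:16777219::/home/cjcox:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
EOF
    cat > "$tmp/domain" <<'EOF'
cjcox:*:16777219:16777219::/home/cjcox:/bin/bash
alice:*:16777220:16777216::/home/alice:/bin/bash
bob:*:16777221:16777216::/home/bob:/bin/bash
EOF
    find_shadowed "$tmp/local" "$tmp/domain"
    rm -rf "$tmp"
}

demo
```

A `same-uid` line is the hand-edited case described in the thread (one getent record, local entry used); a `uid-mismatch` line is the two-record case.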