Displaying 20 results from an estimated 34 matches for "primarygroup".
2015 Jan 13
2
Is there any problem that can arise from remapping gidNumber?
...ewis wrote:
>> On 01/13/2015 09:23 AM, Rowland Penny wrote:
>>> On 13/01/15 14:06, John Lewis wrote:
>>>> On 01/13/2015 06:35 AM, Rowland Penny wrote:
>>>>> On 13/01/15 11:33, John Lewis wrote:
>>>>>> This morning I remapped gidNumber from primaryGroupID to gidNumber. I
>>>>>> did that because I could not change the integer in primaryGroupID wit
>>>>>> ldbedt as root.
>>>>>>
>>>>>> I mapped to to a new attribute called gidNumber which has no specific
>>>>>>...
2014 Aug 12
1
Samba4 and idmap_ad
...hing went fine: installing the samba packages, getting Kerberos running, and joining the AD. But when I use id or wbinfo now to get user information I get lots of groups which cannot be mapped a GID and thus are displayed as -1 or 4294967295:
id DOMAIN\\USER
uid=3611(DOMAIN\\USER) gid=3000(DOMAIN\\PRIMARYGROUP) groups=3000(DOMAIN\\PRIMARYGROUP),3001(DOMAIN\\OTHERGROUP),4294967295,4294967295,4294967295,4294967295,4294967295,4294967295,4294967295,4294967295,4294967295,4294967295,4294967295,4294967295,4294967295,2(daemon)
wbinfo -r DOMAIN\\USER
3000
3001
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
2
On another...
2015 Jan 13
2
Is there any problem that can arise from remapping gidNumber?
On 01/13/2015 09:23 AM, Rowland Penny wrote:
> On 13/01/15 14:06, John Lewis wrote:
>> On 01/13/2015 06:35 AM, Rowland Penny wrote:
>>> On 13/01/15 11:33, John Lewis wrote:
>>>> This morning I remapped gidNumber from primaryGroupID to gidNumber. I
>>>> did that because I could not change the integer in primaryGroupID wit
>>>> ldbedt as root.
>>>>
>>>> I mapped to to a new attribute called gidNumber which has no specific
>>>> meaning in samba. Is there any potential...
2009 May 26
3
Permissions and security
...etting up the system permissions to be secure. Here my
basic setup.
2 groups: users and staff
/home/user should have the permissions user:users rwx------
/mnt/staff should have the permissions user:staff rwxrwx---
For the last one users should'nt have access.
I test with fx.: user=staffuser, primarygroup: users, member of group: staff
If i setup the permissions to the above suggested i can create files but
can't change them. So it seems i have the right permissions to create
files but afterwards i don't. The files are created with the right
permissions, username and group: staffuser:staff....
2015 Jun 30
2
Several questions about winbind[d]
...e
winbind in nsswitch.conf and pam.d/* on DC to be able to check ACLs on
sysvol folder but the fact using winbind all users have "Domain users" as
primary group seems to me an issue to agree with that solution...
As far I understand wbinfo fill user's primary group according to
"primaryGroup" value.
Is there a way to configure winbind to fill user's primary group using
"gidNumber" rather than "primaryGroup"?
Cheers,
mathias
2015-06-29 11:18 GMT+02:00 Andrew Bartlett <abartlet at samba.org>:
> On Thu, 2015-06-25 at 16:27 +0200, mathias dufresn...
2018 Mar 27
0
10 minutes between primary group change and effect on Fedora 27
...ing
> winbind 4.7.6 as jefftest and run id.
> It still shows the old group.
> So I log out as jefftest and in as root and run
I think you are mixing up group membership and the users primary group,
when you run 'getent group username' what is returned is the username
and the users primarygroup
e.g. getent passwd rowland
Returns:
rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
The first number is the users uidNumber, the second is the gidNumber of
the users primarygroup, in this case Domain Users.
All users, by default, get the gidNumber of Domain Users, if you want
the use...
2015 Jun 30
2
Several questions about winbind[d]
...uot; as
>> primary group seems to me an issue to agree with that solution...
>>
>
> This is yet another reason not to use a DC as a fileserver. The 'Domain
> users' problem can be fixed, but it can cause more problems than what it
> fixes, because to change the users primaryGroupID attribute means removing
> the user from the 'Domain Users' group and windows expects all users to be
> a member of 'Domain Users'.
>
> As far I understand wbinfo fill user's primary group according to
>> "primaryGroup" value.
>>
>> Is...
2018 Mar 27
2
10 minutes between primary group change and effect on Fedora 27
...efftest and run id.
>> It still shows the old group.
>> So I log out as jefftest and in as root and run
>
> I think you are mixing up group membership and the users primary group,
> when you run 'getent group username' what is returned is the username
> and the users primarygroup
> e.g. getent passwd rowland
>
> Returns:
> rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
>
> The first number is the users uidNumber, the second is the gidNumber of
> the users primarygroup, in this case Domain Users.
>
> All users, by default, get the gidN...
2015 Jan 13
0
Is there any problem that can arise from remapping gidNumber?
.../01/15 15:11, John Lewis wrote:
> On 01/13/2015 09:23 AM, Rowland Penny wrote:
>> On 13/01/15 14:06, John Lewis wrote:
>>> On 01/13/2015 06:35 AM, Rowland Penny wrote:
>>>> On 13/01/15 11:33, John Lewis wrote:
>>>>> This morning I remapped gidNumber from primaryGroupID to gidNumber. I
>>>>> did that because I could not change the integer in primaryGroupID wit
>>>>> ldbedt as root.
>>>>>
>>>>> I mapped to to a new attribute called gidNumber which has no specific
>>>>> meaning in samba. Is...
2015 Jan 13
0
Is there any problem that can arise from remapping gidNumber?
...> On 01/13/2015 09:23 AM, Rowland Penny wrote:
>>>> On 13/01/15 14:06, John Lewis wrote:
>>>>> On 01/13/2015 06:35 AM, Rowland Penny wrote:
>>>>>> On 13/01/15 11:33, John Lewis wrote:
>>>>>>> This morning I remapped gidNumber from primaryGroupID to gidNumber. I
>>>>>>> did that because I could not change the integer in primaryGroupID wit
>>>>>>> ldbedt as root.
>>>>>>>
>>>>>>> I mapped to to a new attribute called gidNumber which has no specific
>>&...
2003 Apr 23
1
Insecure smbpasswd with ldap ??
hi there i have recently moved all users to LDAP and incorporated the
Samba schema i have allocated servers read only access to the data
except for what is required ie lmpass ... ntpass .. what disturbs me is
that smbpasswd demands write access to
uid,rid,primarygroup,cn,displayname i would rather it did not do this i
fully understand why samba requires write access to other attr's in fact
in my config these are read only except for servers ...
im going to be hacking away at the code to change this and was hopeing
someone out there would agree in the logic...
2018 Mar 27
6
10 minutes between primary group change and effect on Fedora 27
My smb.conf looks like so.
[global]
security = ads
realm = MIND.UNM.EDU
workgroup = MIND
idmap config * : backend = tdb
idmap config * : range = 2000-7999
idmap config MIND:backend = ad
idmap config MIND:schema_mode = rfc2307
idmap config MIND:range = 8000-9999999
idmap config MIND:unix_nss_info = yes
winbind use default domain = yes
restrict anonymous = 2
I have
2015 Jun 30
1
Several questions about winbind[d]
...et same objectSid (except removing deleted objects perhaps or changing
"searchFlags" to really delete them when using ldbdel).
This implies a deleted then recreated user can't be the same user, all file
rights and ACLs set using this account must be rebuilt. Using objectSid as
uid and primaryGroup as gid means this rights and ACLs issue would happen
on both world (UNIX and Windows)...
Anyway, there is workaround (SSSD for clients, a non-DC member server with
SSSD to check ACLs, etc...), there are lot of more urgent stuffs to do, not
a real issue :)
2015-06-30 14:00 GMT+02:00 Rowland Penny...
2015 Jun 30
0
Several questions about winbind[d]
...sers have "Domain users" as
> primary group seems to me an issue to agree with that solution...
This is yet another reason not to use a DC as a fileserver. The 'Domain
users' problem can be fixed, but it can cause more problems than what it
fixes, because to change the users primaryGroupID attribute means
removing the user from the 'Domain Users' group and windows expects all
users to be a member of 'Domain Users'.
> As far I understand wbinfo fill user's primary group according to
> "primaryGroup" value.
>
> Is there a way to configure...
2018 Dec 17
2
Share Printer via GPO per User
...user's security context (user policy option) Yes
Remove this item when it is no longer applied No
Apply once and do not reapply No
Item-level targeting: Security GroupAttribute Value
bool AND
not 0
name SAMDOM\Domain Users
sid S-1-5-21-3008661040-3046359653-1299078886-513
userContext 1
primaryGroup 0
localGroup 0
Best Regards,
P.S. use "Domain Users" just for testing
2015 Apr 06
4
Samba as AD member can not validate domain user
...ers starting from 10000,
ldbsearch gives:
dn: CN=Domain Users,CN=Users,DC=internal,DC=domain,DC=lv
objectSid: S-1-5-21-216404829-505555237-127066545-513
gidNumber: 10000
> If you use the 'ad' backend, then giving your users a 'uidNumber' is
> not enough, you must give their primarygroup (Domain Users) a
> 'gidNumber' attribute.
all of the AD users are members of the Domain Users group now.
Now on DC getent passwd gives just list of local users;
getent passwd INTERNAL\\username gives domain user info with uid/gid
100xx:10000
still no changes on fileserver, getent...
2015 Jun 30
0
Several questions about winbind[d]
...;> primary group seems to me an issue to agree with that solution...
>>>
>> This is yet another reason not to use a DC as a fileserver. The 'Domain
>> users' problem can be fixed, but it can cause more problems than what it
>> fixes, because to change the users primaryGroupID attribute means removing
>> the user from the 'Domain Users' group and windows expects all users to be
>> a member of 'Domain Users'.
>>
>> As far I understand wbinfo fill user's primary group according to
>>> "primaryGroup" value....
2015 Apr 07
2
Samba as AD member can not validate domain user
...dn: CN=Domain Users,CN=Users,DC=internal,DC=domain,DC=lv
>> objectSid: S-1-5-21-216404829-505555237-127066545-513
>> gidNumber: 10000
>>
>>> If you use the 'ad' backend, then giving your users a 'uidNumber'
>>> is not enough, you must give their primarygroup (Domain Users) a
>>> 'gidNumber' attribute.
>
>> all of the AD users are members of the Domain Users group now.
>
> what do you mean 'all of the AD users are members of the Domain
> Users group now.' ??
>
> I hope you haven't changed the user...
2015 Jan 13
2
Is there any problem that can arise from remapping gidNumber?
...15 09:23 AM, Rowland Penny wrote:
>>>>> On 13/01/15 14:06, John Lewis wrote:
>>>>>> On 01/13/2015 06:35 AM, Rowland Penny wrote:
>>>>>>> On 13/01/15 11:33, John Lewis wrote:
>>>>>>>> This morning I remapped gidNumber from primaryGroupID to gidNumber. I
>>>>>>>> did that because I could not change the integer in primaryGroupID wit
>>>>>>>> ldbedt as root.
>>>>>>>>
>>>>>>>> I mapped to to a new attribute called gidNumber which has no sp...
2015 Jun 25
3
Several questions about winbind[d]
Hi all,
I'm wondering about winbind[d] behaviour.
I tried the following with:
auth methods = sam winbindd
and the same with only one d:
auth methods = sam winbind
One user:
ldbsearch -H $sam '(cn=another.fakeuser)' homeDirectory loginShell
gidnumber uidnumber
# record 1
dn: CN=another.fakeuser,OU=a,OU=Standards,OU=Utilisateurs,DC=ad,DC=dgfip
homeDirectory: */home/another.fakeuser*