On Wed, Oct 20, 2010 at 12:36 PM, Oliver Weinmann <oliver.weinm...@vega.de> wrote: > Hi, > > Any news regarding this problem? I have testet samba 3.5.6 and the > problem still persists. I had to downgrade to 3.3 on a few machines now. > > Regards, > Oliver > > -----Original Message----- > From: samba-boun...@lists.samba.org > [mailto:samba-boun...@lists.samba.org] On Behalf Of Oliver Weinmann > Sent: Donnerstag, 9. September 2010 13:13 > To: samba@lists.samba.org > Subject: [Samba] Samba-winbind 3.5.4 primary group is always > domainusers!!!??? > > Dear All, > > I stepped over a strange issue today. I have one installation of samba > winbind 3.3.2 on a Ubuntu machine. Changing the primary unix group of a > user is updated immediately. On a newer samba 3.5.4 installation the > primary group is not updated at all. It always displays "domain users". > Is there a new setting for the smb.conf? Here is my smb.conf: > > [global] > netbios name = gedail1 > realm = SOMEDOMAIN.NET > workgroup = SOMEDOMAIN > security = ADS > encrypt passwords = true > password server = server1.somedomain.net server2.somedomain.net > os level = 20 > idmap backend = ad > idmap config SOMEDOMAIN : backend = ad > idmap config SOMEDOMAIN : schema_mode = sfu > idmap config SOMEDOMAIN : range = 0-99999999 > winbind nss info = sfu > winbind enum users = yes > winbind enum groups = yes > preferred master = no > winbind nested groups = Yes > winbind use default domain = Yes > max log size = 50 > log level = 10 > log file = /var/log/samba/log.%m > dns proxy = no > wins server = 172.20.200.18 172.18.200.20 > allow trusted domains = no > client use spnego = Yes > use kerberos keytab = true > winbind refresh tickets = yes > idmap cache time = 1 > winbind cache time = 1 > > It's a W2k3 AD Domain. > > Regards, > Oliver > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > ______________________________________________________________________ > This email has been scanned by the MessageLabs Email Security System. > For more information please visit http://www.messagelabs.com/email > ______________________________________________________________________ > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
I've noticed the same with samba 3.5.6, our administrator user has primary group name/gid Domain Admins but the primary group on our linux systems is domain users. I've noticed that searching AD for users with rfc2307/sfu attributes shows the correct gid: net ads search '(|(uidNumber=*)(gidNumber=*))' objectCategory sAMAccountName uidNumber gidNumber -P sAMAccountName: Domain Users objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=josims,DC=local gidNumber: 10000 sAMAccountName: test objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=josims,DC=local uidNumber: 10009 gidNumber: 10010 The gid returned is correct, and if I change it and remove the cache file it updates, so it is definitely being read from AD, but all users have gid domain users: wbinfo -i test test:*:10009:10000:test:/home/test:/bin/bash Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba