On Thu, 2012-03-08 at 09:00 +0100, steve wrote: > Hi > When I add the posixGroup class to an AD group, add a user to the group > and set their primaryGroupID, I can add members to the group: > > samba-tool group addmembers debusers lynn2 > ERROR(ldb): Failed to add members "lynn2" to group "debusers" - samldb: > member CN=lynn2,CN=Users,DC=hh3,DC=site already set via primaryGroupID 1106 > > where lynn2 is a user who has been added to the AD posix group debusers > with primaryID=1106 > > But I cannot see the entry > member: lynn2
Correct. PrimaryGroupID acts like a member link, but without being a member attribute. Users with primaryGroupID are members of the domain group with that RID. > when I look at the debusers dn using ldbsearch as I can under Domain > Users. The user appears as expected in Domain Users but not under debusers. > > Everything works exactly as expected and debusers behaves as if it were > a normal AD group, ace's, acl's permissions etc work under both win7 and > Linux etc. > 1. Is there a samba-tool command to list members of a group? > 2. Why do I lose the tabs on properties when I add the posixGroup class > to an AD group? This is due to a bug/mis-feature of Active Directory Users and Computers. Unless you can show it is different on a Windows server, the explanation is that the last objectClass value is used by ADUC to determine what tab to show. This in turn is determined by a sort of objectClass values from least to most specific. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
