On Tue, 2013-07-23 at 14:39 +0100, Rowland Penny wrote:
> Could this be yet another reason to use sssd instead of winbind?
>
> sssd does use the account gidNumber
>
> testuser
>
> primaryGroupID: 513
> uidNumber: 3001106
> gidNumber: 20513
>
> getent passwd testuser
> testuser:*:3001106:20513:testuser:/home/DOMAIN/testuser:/bin/bash
>

Not what I said. The primaryGroupID is an identifier for a group in AD, a bit like a SID is (I don't get that either). So primaryGroupID 513 might refer to a group called sambausers, which has its own set of RFC2307bis attributes which include a gidNumber. Winbind uses the gidNumber of the primaryGroupID, not the primaryGroupID itself, which is something entirely different.

As such your example does not show what you think it does show because you have not shown the gidNumber of the group identified by primaryGroupID 513.

I would say even if sssd uses the gidNumber of the user it would in my opinion be good practice to keep the gidNumber of the user the same as the gidNumber of the Windows primary group.

Sometimes my mind boggles at just how much people don't understand AD and Samba in the Linux/Unix world.

JAB.

-- 
Jonathan A. Buzzard                 Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
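
An added example, not part of the original message: a small audit that compares each user's own gidNumber (what sssd is said to use in this thread) with the gidNumber of the group its primaryGroupID points to (what winbind is said to use), so accounts that would get a different primary GID under each mapper stand out. The directory entries, SIDs and the group's gidNumber are constructed; only testuser's three attribute values are from the thread.

```python
# Constructed sample entries. Only testuser's primaryGroupID, uidNumber and
# gidNumber come from the thread; the SIDs, the group's gidNumber and the
# other accounts are made up for illustration.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"

GROUPS = [
    {"name": "Domain Users", "objectSid": DOMAIN_SID + "-513", "gidNumber": 10000},
    {"name": "staff", "objectSid": DOMAIN_SID + "-1200"},  # no gidNumber set
]
USERS = [
    {"name": "testuser", "objectSid": DOMAIN_SID + "-1106",
     "primaryGroupID": 513, "uidNumber": 3001106, "gidNumber": 20513},
    {"name": "alice", "objectSid": DOMAIN_SID + "-1107",
     "primaryGroupID": 513, "uidNumber": 3001107, "gidNumber": 10000},
    {"name": "bob", "objectSid": DOMAIN_SID + "-1108",
     "primaryGroupID": 1200, "uidNumber": 3001108, "gidNumber": 10000},
]


def primary_group_sid(user):
    """primaryGroupID is a RID, not a gid: swap it in for the user's own RID
    to get the SID of the primary group in the same domain."""
    domain_sid = user["objectSid"].rsplit("-", 1)[0]
    return f"{domain_sid}-{user['primaryGroupID']}"


def audit(users, groups):
    """Return (user, user gidNumber, primary group's gidNumber, status)."""
    by_sid = {g["objectSid"]: g for g in groups}
    findings = []
    for u in users:
        group = by_sid.get(primary_group_sid(u))
        group_gid = group.get("gidNumber") if group else None
        user_gid = u.get("gidNumber")
        if group_gid is None:
            status = "group-has-no-gidNumber"
        elif user_gid != group_gid:
            status = "mismatch"
        else:
            status = "consistent"
        findings.append((u["name"], user_gid, group_gid, status))
    return findings


if __name__ == "__main__":
    for row in audit(USERS, GROUPS):
        print(*row, sep="\t")
```
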