On 23 July 2013 15:04, Jonathan Buzzard <jonat...@buzzard.me.uk> wrote:
> Not what I said. The primaryGroupID is an identifier for a group in AD, > bit like a SID is (I don't get that either). So primaryGroupID 513 might > refer to a group called sambausers, which has a it's own set of > RFC2307bis attributes which include a gidNumber. Winbind uses the > gidNumber of the primaryGroupID, not the primaryGroupID itself which is > something entirely different. > As I said sssd uses the users gidNumber not the primaryGroupID, I may be wrong but I believe that the primaryGroupID is a windows thing and as such should be ignored by winbind if it is instructed to use rfc2307 attributes, but that is just my opinion > > As such your example does not show what you think it does show because > you have not shown the gidNumber of the group identified by > primaryGroupID 513. I would say even if sssd uses the gidNumber of the > user it would in my opinion be good practice to keep the gidNumber of > the user the same as the gidNumber of the Windows primary group. > So sorry, this is the gidNumber attribute from dn: CN=Domain Users,CN=Users,DC=example,DC=com gidNumber: 20513 As you can see, it is the same gidNumber that the user has. If you want my opinion and you probably don't, people need to stop thinking NT server if they connect to a samba4 AD server and start thinking AD server, they are totally different. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba