Re: [Samba] using Windows AD unwanted Group rights get applied to new Files
- Date: Wed, 8 Aug 2018 08:17:26 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] using Windows AD unwanted Group rights get applied to new Files
On Tue, 07 Aug 2018 22:43:23 +0100
Miguel Medalha via samba <samba@xxxxxxxxxxxxxxx> wrote:
> > By default, every AD user is a member of 'Domain Users' and so,
> > when you use the 'rid' backend every Unix user gets the group as
> > their primary group.
> > The only way to change this is by using a version of Samba >= 4.6.0
> > and use the 'ad' backend (...)
> You can also use RSAT and define some other group as the user's
> primary group, and still use 'rid' backend. If I remember well, the
> setting resides in the "Member of" tab of Active Directory Users and
> Computers (ADUC).
Wrong, that just adds another attribute ('msSFU30PosixMember' I
think) and this is ignored.
Yes, there is another way, add user to a group, change users
primaryGroupID attribute to contain the RID of the new group and your
users group on Unix will be the new group. Unfortunately there is a big
problem with doing this, it breaks Windows, as it relies on all users
being a member of Domain Users and that group not actually having any
To unsubscribe from this list go to the following URL and read the