Web lists-archives.com

Re: [Samba] using Windows AD unwanted Group rights get applied to new Files




On Tue, 07 Aug 2018 22:43:23 +0100
Miguel Medalha via samba <samba@xxxxxxxxxxxxxxx> wrote:

> > By default, every AD user is a member of 'Domain Users' and so, 
> > when you use the 'rid' backend every Unix user gets the group as
> > their primary group.
> 
> > The only way to change this is by using a version of Samba >= 4.6.0
> > and use the 'ad' backend  (...)
> 
> You can also use RSAT and define some other group as the user's
> primary group, and still use 'rid' backend. If I remember well, the
> setting resides in the "Member of" tab of Active Directory Users and
> Computers (ADUC).

Wrong, that just adds another attribute ('msSFU30PosixMember' I
think) and this is ignored.

Yes, there is another way, add user to a group, change users
primaryGroupID attribute to contain the RID of the new group and your
users group on Unix will be the new group. Unfortunately there is a big
problem with doing this, it breaks Windows, as it relies on all users
being a member of Domain Users and that group not actually having any
members ;-)

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba