On Fri, Mar 5, 2021, at 12:03, Lachlan Simpson via FreeIPA-users wrote:
On Thu, Mar 4, 2021, at 17:46, Alexander Bokovoy via FreeIPA-users wrote:
On to, 04 maalis 2021, Lachlan Simpson via FreeIPA-users wrote:
>
The SMB fallback group is in IPA and has to have SID assigned, from IPA
range. This is for the situation when a primary group of a user in IPA
does not have a SID or a user does not have a primary group pointed by
their GID. This is not for AD users.
An easier way to get it working is by returning back the fallback group
reference to the original SMB fallback group and make sure it has SID.
How do I determine the original samba fallback group? I have only added the single group to IPA. The others are the defaults, so ipausers would be the default group? How do I determine if an IPA group has a SID? I can see a
ipauniqueid when I run
I have got smb running by virtue of creating a new group and assigning that as the new default fallback group:
# ipa group-add ipa_default_user_group
------------------------------------
Added group "ipa_default_user_group"
------------------------------------
Group name: ipa_default_user_group
GID: 709600029
# ipa automember-default-group-set
Default (fallback) Group: ipa_default_user_group
Grouping Type: group
---------------------------------------------------
Set default (fallback) group for automember "group"
---------------------------------------------------
Default (fallback) Group: cn=ipa_default_user_group,cn=groups,cn=accounts,dc=test,dc=company,dc=com
# ipa automember-default-group-show
Grouping Type: group
Default (fallback) Group: cn=ipa_default_user_group,cn=groups,cn=accounts,dc=test,dc=company,dc=com
Cheers
L.