12618 – Winbind on a DC doesn't show a 'ID_TYPE_BOTH' as a user by name.

Bug 12618 - Winbind on a DC doesn't show a 'ID_TYPE_BOTH' as a user by name.

Summary: Winbind on a DC doesn't show a 'ID_TYPE_BOTH' as a user by name.

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	Winbind (show other bugs)
Version:	4.6.0
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-03-09 12:11 UTC by Rowland Penny
Modified:	2022-07-14 10:41 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Rowland Penny 2017-03-09 12:11:19 UTC

It would seem that whilst a group such as Domain Admins is mapped to 'ID_TYPE_BOTH' in idmap.ldb, the OS will only accept the group as a user by number, not by name.

i.e. 'chown Domain\ Admins:Domain\ Admins file.txt' will fail, but 'chown 3000013:Domain\ Admins file.txt' will succeed.

Note that '3000013' is the GID for Domain Admins:

getent group Domain\ Admins
SAMDOM\domain admins:x:3000013:SAMDOM\administrator,SAMDOM\rowland

Comment 1 Rowland Penny 2022-07-14 10:41:40 UTC

(In reply to Rowland Penny from comment #0)
Closing this, it now appears to work on 4.15.7