Any update/thoughts on this?

From: Schrier, William (Contractor)
Sent: Monday, September 8, 2025 1:45 PM
To: [email protected]
Subject: accidentally overloaded the "Default SMB Group"

I recently migrated my FreeIPA instance from Oracle Linux 7 to Oracle Linux 8.  
We previously had an issue with the CA certs on our OL7 FreeIPA server, so the 
backup/restore functionality did not work for us because even though I thought 
I had told it to only import data, which should have ignored the CA certs, the 
issues we were seeing with the broken CA certs reappeared on the new OL8 
instance.  So I started over by manually extracting all the relevant info out 
of the OL7 instance (users/groups/host groups/hbacrules/sudorules/etc/etc/etc) 
and then using that data to run the necessary ipa commands to enter all the 
data into the new instance.

However, I didn't notice until I was completely done importing all the data 
into the new instance that there is a new "Default SMB Group" that is created 
by default in FreeIPA.  It appears this group is created as the UID/GID base 
+1, so in our case where our UIDs/GIDs start at 381200000, and our admin user 
got UID/GID 381200000 and our first user from our original OL7 instance was 
set up with UID/GID 381200001.  So after getting everything imported and doing 
the cutover to the new, I noticed that user 38120001's group, which is also set 
to 38120001 is no longer a private individual group, but instead is this new 
"Default SMB Group".  I didn't even realize this new group was a thing until I 
saw it on that user's group name, and then I saw that users are not even 
supposed to be added to that group... Kind of tricky to know to not use a GID 
that is hidden...

Ideally I was hoping I could just move the "Default SMB Group" to another GID.  
Since 381200001's UID and GID is used extensively throughout our environment, 
it would be nice if we could let that user retain that GID.  But since the 
"Default SMB Group" is a hidden group, I am not sure how to do this.

Alternatively, I suppose I could remove 381200001's user and recreate it with a 
new UID, but that would require us to change that user's file ownership on all 
of our systems, which would be a bit of effort.  Also, what would happen when I 
try to remove user 381200001?  Normally I would think FreeIPA would also try to 
remove the default group which is also 381200001, and that might break that 
"Default SMB Group".  So I am apprehensive to do that and break something else.

We won't be doing any AD trust associations with this FreeIPA instance, so we 
don't necessarily even need that "Default SMB Group", but we also don't want 
that user's files showing up with that as the group name.

Can you suggest a way to fix this?

Thanks!

Will
