Is there a procedure to reassign the "Default SMB Group" to a different GID? And if so, will there automatically be another 381200001 group already there but hidden until we reassign it? I'm just trying to figure out what all I will need to do to fix here, and how to actually do it.
Thanks!

-----Original Message-----
From: Alexander Bokovoy <[email protected]>
Sent: Tuesday, October 21, 2025 1:01 AM
To: FreeIPA users list <[email protected]>
Cc: Schrier, William (Contractor) <[email protected]>
Subject: Re: [Freeipa-users] Re: accidentally overloaded the "Default SMB Group"

On Mon, 20 Oct 2025, Schrier, William (Contractor) via FreeIPA-users wrote:
> Any update/thoughts on this?
>
> From: Schrier, William (Contractor)
> Sent: Monday, September 8, 2025 1:45 PM
> To: [email protected]
> Subject: accidentally overloaded the "Default SMB Group"
>
> I recently migrated my FreeIPA instance from Oracle Linux 7 to Oracle Linux 8. We previously had an issue with the CA certs on our OL7 FreeIPA server, so the backup/restore functionality did not work for us because even though I thought I had told it to only import data which should have ignored the CA certs, the issues we were seeing with the broken CA certs reappeared on the new OL8 instance. So I started over by manually extracting all the relevant info out of the OL7 instance (users/groups/host groups/hbacrules/sudorules/etc/etc/etc) and then using that data to run the necessary ipa commands to enter all the data into the new instance.
>
> However, I didn’t notice until I was completely done importing all the data into the new instance that there is a new “Default SMB Group” that is created by default in FreeIPA. It appears this group is created as the UID/GID base +1, so in our case where our UIDs/GIDs start at 381200000, and our admin user got UID/GID 381200000 and our first user from our original OL7 instance was set up with UID/GID 381200001. So after getting everything imported and doing the cutover to the new, I noticed that user 38120001’s group, which is also set to 38120001 is no longer a private individual group, but instead is this new “Default SMB Group”. I didn’t even realize this new group was a thing until I saw it on that user’s group name, and then I saw that users are not even supposed to be added to that group… Kind of tricky to know to not use a GID that is hidden…
>
> Ideally I was hoping I could just move the “Default SMB Group” to another GID. Since 381200001’s UID and GID is used extensively throughout our environment, it would be nice if we could let that user retain that GID. But since the “Default SMB Group” is a hidden group, I am not sure how to do this.
>
> Alternatively, I suppose I could remove 381200001’s user and recreate it with a new UID, but that would require us to change that user’s file ownership on all of our systems, which would be a bit of effort. Also, what would happen when I try to remove user 381200001? Normally I would think FreeIPA would also try to remove the default group which is also 381200001, and that might break that “Default SMB Group”. So I am apprehensive to do that and break something else.
>
> We won’t be doing any AD trust associations with this FreeIPA instance, so we don’t necessarily even need that “Default SMB Group”, but we also don’t want that user’s files showing up with that as the group name.
>
> Can you suggest a way to fix this?

You can move it to other values as you wish. You cannot remove the group as it is used internally but the actual POSIX GID can be updated to any value within existing ID ranges.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
