Schrier, William (Contractor) via FreeIPA-users wrote: > Is there a procedure to reassign the "Default SMB Group" to a different GID? > And if so, will there automatically be another 381200001 group already there > but hidden until we reassign it? I'm just trying to figure out what all I > will need to do fix here, and how to actually do it.
The group isn't displayed by default because it lacks some of the objectclasses that a typical group has. You can see the current value by ipa group-show "Default SMB Group". If you want to be extra careful you can add a new group, note the gid, delete that group then set that gid for "Default SMB Group". That will ensure that the value hasn't been given out to a different live entry. ipa group-mod "Default SMB Group" --gid <value> rob > > Thanks! > > -----Original Message----- > From: Alexander Bokovoy <[email protected]> > Sent: Tuesday, October 21, 2025 1:01 AM > To: FreeIPA users list <[email protected]> > Cc: Schrier, William (Contractor) <[email protected]> > Subject: Re: [Freeipa-users] Re: accidentally overloaded the "Default SMB > Group" > > On Пан, 20 кас 2025, Schrier, William (Contractor) via FreeIPA-users wrote: >> Any update/thoughts on this? >> >> >> >> >> >> >> >> From: Schrier, William (Contractor) >> >> Sent: Monday, September 8, 2025 1:45 PM >> >> To: [email protected] >> >> Subject: accidentally overloaded the "Default SMB Group" >> >> >> >> >> >> >> >> I recently migrated my FreeIPA instance from Oracle Linux 7 to Oracle >> >> Linux 8. We previously had an issue with the CA certs on our OL7 FreeIPA >> >> server, so the backup/restore functionality did not work for us because >> >> even though I thought I had told it only import data which should have >> >> ignored the CA certs, the issues we were seeing with the broken CA certs >> >> reappeared on the new OL8 instance. So I started over by manually >> >> extracting all the relevant info out of the OL7 instance >> >> (users/groups/host groups/hbacrules/sudorules/etc/etc/etc) and then using >> >> that data to run the necessary ipa commands to enter all the data into the >> >> new instance. >> >> >> >> >> >> >> >> However, I didn’t notice until I was completely done importing all the >> >> data into the new instance that there is a new “Default SMB Group” that is >> >> created by default in FreeIPA. It appears this group is created as the >> >> UID/GID base +1, so in our case where our UIDs/GIDs start at 381200000, >> >> and our admin user got UID/GID 381200000 and our first user from our >> >> original OL7 instance was setup with UID/GID 381200001. So after getting >> >> everything imported and doing the cutover to the new, I noticed that user >> >> 38120001’s group, which is also set to 38120001 is no longer a private >> >> individual group, but instead is this new “Default SMB Group”. I didn’t >> >> even realize this new group was a thing until I saw it on that user’s >> >> group name, and then I saw that users are not even supposed to be added to >> >> that group… Kind of tricky to know to not use a GID that is hidden… >> >> >> >> >> >> >> >> Ideally I was hoping I could just move the “Default SMB Group” to another >> >> GID. Since 381200001’s UID and GID is used extensively throughout our >> >> environment, it would be nice if we could let that user retain that GID. >> >> But since the “Default SMB Group” is a hidden group, I am not sure how to >> >> do this. >> >> >> >> >> >> >> >> Alternatively, I suppose I could remove 381200001’s user and recreate it >> >> with a new UID, but that would require use to change that user’s file >> >> ownership on all of our systems, which would be a bit of effort. Also, >> >> what would happen when I try to remove user 381200001? Normally I would >> >> think FreeIPA would also try to remove the default group which is also >> >> 381200001, and that might break that “Default SMB Group”. So I am >> >> apprehensive to do that and break something else. >> >> >> >> >> >> >> >> We won’t be doing any AD trust associations with this FreeIPA instance, so >> >> we don’t necessarily even need that “Default SMB Group”, but we also don’t >> >> want that user’s files showing up with that as the group name. >> >> >> >> >> >> >> >> Can you suggest a way to fix this? >> > > You can move it to other values as you wish. You cannot remove the group > as it is used internally but the actual POSIX GID can be updated to any > value within existing ID ranges. > -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
