I recently attached a RHEL 5 test box to our active directory server to try and get all of our users to not have to remember so many passowrds. I'm using winbind and samba and everything seems to be working ok, but I've noticed any user account that didn't exist locally on the linux server received the default group of 'domain users' I'd like to be able to change which default group users get assigned off of active directory but I haven't been able to find a guide explaining how to do that.
I'm not the Active Directory admin but I know that 'domain users' is the primary group for all users in AD and I don't think that needs to change.
Thanks
In AD Users and Groups, you can hit the Member Of tab, select a group and hit "Set Primary Group" to change their primary group. This carries through Samba/winbind just fine in my experience. Note that this will only work with "Security Groups", and not "Distribution Groups".
I solved the situation by making sure that any directory these new users will be accessing belongs to a group they are in and keeping things separate that way.