[Samba] winbind: homeDirectory being ignored

[Brian Candler]

 > Your user doesn't have a 'gidNumber' winbind seems to need the 
'gidNumber' attribute before it extracts all the users info from AD.

gitNumber seems to be ignored:

root at dc1:~# samba-tool user add user8 Abcd1234 --uid-number=1008 
--home-directory=/home/user8 --login-shell=/bin/bash --gid-number=1008

root at adclient:~# getent passwd user8
user8:*:1008:70001:user8:/home/ADTEST/user8:/bin/bash

ldapsearch shows:
...
uidNumber: 1008
gidNumber: 1008
loginShell: /bin/bash
...

Maybe gidNumber has to correspond to a real group object?

The "domain users" group is this object:

# Domain Users, Users, adtest.int.example.net
dn: CN=Domain Users,CN=Users,DC=adtest,DC=int,DC=example,DC=net
objectClass: top
objectClass: group
cn: Domain Users
description: All domain users
instanceType: 4
whenCreated: 20140618075445.0Z
whenChanged: 20140618075445.0Z
uSNCreated: 3541
uSNChanged: 3541
name: Domain Users
objectGUID:: tY04KF2fXEyFT/9qBdevHw==
objectSid:: AQUAAAAAAAUVAAAAZ5nUF79P8gY2aC90AQIAAA==
sAMAccountName: Domain Users
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: 
CN=Group,CN=Schema,CN=Configuration,DC=adtest,DC=int,DC=exampl
  e,DC=net
isCriticalSystemObject: TRUE
memberOf: CN=Users,CN=Builtin,DC=adtest,DC=int,DC=example,DC=net
distinguishedName: CN=Domain 
Users,CN=Users,DC=adtest,DC=int,DC=example,DC=net

So do I need to add a gidNumber attribute to this entry? Or create a new 
group?

Unfortunately I'm doing this without any Windows tools, and "samba-tool 
group add" doesn't have a --gid-number flag.

So I tried adding gidNumber to the group:

root at dc1:~# cat mod.ldif
dn: CN=Domain Users,CN=Users,DC=adtest,DC=int,DC=example,DC=net
changetype: modify
add: gidNumber
gidNumber: 1008
-

root at dc1:~# ldapmodify -f mod.ldif

ldapsearch confirms it's there, but no difference to the result. I also 
tried adding objectClass: posixGroup to this, still no effect.

Any more suggestions?

Regards,

Brian.