[Samba] WINBIND: UID and GID false mappings on domain member
rawi
only4com at web.de
Fri Aug 12 17:42:54 UTC 2016
> Just provisioning with --rfc2307 isn't enough, you personally need to
> add any required RFC2307 attributes.
But you see my test user has his attributes. From samba-tool. Do you mean
the basic objects, the templates for the user and group? If yes, how to do
it?
> Can I suggest you put dnsupdate back and then setup bind9 on the DC
> correctly.
I will...
> You must be using an old version of samba-tool, it doesn't do that now.
Version 4.3.9 from the last fresh ubuntu LTS.
And I asked on FreeNode, they would not upgrade to the 4.4. branch if 4.3
hasn't bugs...
> No they are not:
>
> dn: CN=test,CN=Users,DC=humgen,DC=0zone
> ......
> primaryGroupID: 513
Oh, I hoped winbind would give me:
uidNumber: 9439
gidNumber: 5001
... from the posix attributes
> This makes the users primary group 'Domain Users' and as such, the
> primary group must have a gidNumber, or all your users will be ignored
> by winbind. Do not think of changing the users primaryGroupID, windows
> expects all users to be members of 'Domain Users'
I'll remember this
How would behave a group mapping of "domain users" on my group 5001
(hg_allg) ?
> No, just that you have set up Samba incorrectly, you are trying to use
> AD like you used your old NT4-style domain.
>
> Can I suggest that you go and read the Samba wiki:
OK, I'll set dnsupdate back and all the rest new.
I tryed to find my way around the problem with the data's posix rights.
Would be sssd a better fit for this?
Can you think of a work around, to transfer the current data with the old
unix UID/GID, so that the users will see it the same?
How should I define the new created users for this?
Thank you Rowland!
--
View this message in context: http://samba.2283325.n4.nabble.com/WINBIND-UID-and-GID-false-mappings-on-domain-member-tp4706553p4706568.html
Sent from the Samba - General mailing list archive at Nabble.com.
More information about the samba
mailing list