Samba4 wbinfo -i output

steve steve at
Mon May 7 06:55:05 MDT 2012

On 2012-05-06 22:24, steve wrote:
 > On 05/06/2012 07:58 PM, Gémes Géza wrote:
 >> On 2012-05-06 18:08, steve wrote:
 >>> On 05/06/2012 03:58 PM, Gémes Géza wrote:
 >>>> On 2012-05-06 11:43, steve wrote:
 >>>>> On 06/05/12 10:10, Gémes Géza wrote:
 >>>>>> On 2012-05-06 09:43, steve wrote:
 >>>>>>> On 05/06/2012 09:22 AM, Andrew Bartlett wrote:
 >>>>>>>> On Sun, 2012-05-06 at 09:06 +0200, steve wrote:
 > There is
 > currently a bug in the schema which does not remove the memberOf
 > attribute when changing primaryGroupID. This is the subject of another
 > thread here. The workaround is to run samba-tool dbcheck --fix after
 > changing group ids.
 > We add 20000 to the rid of the primaryGroup to make it more readable
 > and to stop it colliding with our local groups. All based upon an idea
 > by Geza back in December:-) We call it s4bind. Details here:
 > Cheers,
 > Steve
Hi Steve,

That is really good news for me, because this summer I plan to migrate
our Samba3+OpenLDAP+Heimdal KDC on the server and pam-krb5/nss-ldapd on
the *nix clients to Samba4, so it will be less hassle to migrate the



Hi Geza
Pls note you need at least v0.8.4 of ldapd to get the group member 
mappings from AD.

Also, there seems to be some confusion over what it's called. The Samba 
guys here think we're talking nss-ldap (with which none of this is 

openSUSE calls it nss-pam-ldapd
Ubuntu and Debian has two packages to do the same:
libnss-ldapd and libpam-ldapd
RedHutPizza has something else. . .

The source is here:


More information about the samba-technical mailing list