Samba AD DC and winbindd

Rowland Penny repenny241155 at
Fri Feb 26 16:46:56 UTC 2016

On 26/02/16 14:27, mathias dufresne wrote:
> Sorry to come into but removing a potentially useful option because of lack
> of documentation on some other part of Samba seems to me a strange
> decision...

Yes it would seem that the docs do need updating, but to tell sysadmins 
that you cannot have a user 'foo' in /etc/passwd *and* AD if you have 
'winbind use default domain = yes' in smb.conf.
If you don't have the line in smb.conf, you can have a user 'foo' in 
both /etc/passwd and AD, but the AD user will be shown as 'DOMAIN\foo'. 
I have never tried it, but you should be able to log in as either 'foo' 
or 'DOMAIN\foo', just like on a windows PC, this sort of explains why 
the default home directory on a DC is '/home/DOMAIN/%U'. I also believe 
that you should be able to map the AD user 'DOMAIN\foo' to the Unix user 
'foo' via a username map.

If you do have the line in smb.conf, then the AD user 'foo' becomes the 
Unix user 'foo', hence you cannot create a Unix user called 'foo' in 
/etc/passwd, this is because, as far as the Unix machine is concerned, 
the user already exists.


More information about the samba-technical mailing list