[Samba] Linux, Windows AD domain, and IDs

Scott Ehrlich srehrlich at gmail.com
Mon Dec 6 22:27:10 MST 2010

I have a Windows 200x AD Server and have a Linux box as a client
connected to the Windows domain having modified the native Kerberos,
smb.conf, and other files (not using Likewise).

It logs in to the domain fine and everything is happy.

There are NO local accounts in /etc/passwd except for the defaults out
of the box.   Authentication relies on the accounts of the Windows

I have no authority on the server except to add or remove computers.

Login accounts take the form, for example, initials and a number: se123456

I want my uid to reflect 123456.

I spent about an hour or two playing with various configurations and
options of idmap and winbind.   Along the way, some testing revealed:

getent passwd my_ad_account returned almost all appropriate values,
but the uid and gid were both 10000, clearly not correct.

wbinfo -n my_ad_account returned my correct sid (I think that was the
wbinfo syntax used.  In any event, whatever syntax I used for me
returned the correct sid.

So we know the system can see me - I just need the uid to be accurate.

As an update, I need the uid to return the numeric portion of my
ad_account username, so if I am se123456, I need the uid to return
123456, thus getent passwd would show se123456:x:123456:blah....



More information about the samba mailing list