[Samba] Failing to get uids from AD

Nick Triantos nick at triantos.com
Sat Jul 14 10:50:09 MDT 2012


I'm still having trouble getting Samba 3.6.3 / Winbind to fetch UIDs from AD 2008 R2 with the Services for Unix feature installed. My users have uidNumber fields which contain the UIDs I want. I'm on Ubuntu 12.04

The global part of my smb.conf. I've tried changing 'winbind nss info' and 'schema_mode' to sfu as well.

   security = ADS
   realm = CORP.mycompany.COM
   allow trusted domains = yes
   winbind use default domain = yes
   winbind nested groups = YES
   winbind enum groups = yes
   winbind enum users = yes
   winbind nss info = rfc2307
   winbind refresh tickets = yes
   idmap config CORP : backend = ad
   idmap config CORP : schema_mode = rfc2307
   #idmap config * : backend = tdb
   idmap config * : default = yes
   idmap config * : range = 900 - 99999

Each time I re-test, I delete the files:

My users always come back with an id in the range mapped above (900+), even though their IDs should actually be 1000+.

When I run an ldapsearch query, I get back results for my users that include (as well as other fields):
   sAMAccountName: ross
   userPrincipalName: ross at corp....
   lockoutTime: 0
   objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=corp,...
   uid: ross
   mail: ross at ...
   msSFU30Name: ross
   msSFU30NisDomain: corp
   uidNumber: 1006
   gidNumber: 100
   unixHomeDirectory: /home/ross
   loginShell: /bin/bash

Any suggestions of things I can try are greatly appreciated.


More information about the samba mailing list