[Samba] AD uid/gid attributes

Michael Ray mray at xes-inc.com
Wed Feb 6 13:06:43 MST 2013

Hey all- 

I know this kind of post has come up before, but I was unable to get results following previous postings, so if anyone can shed a little light on this, I'd be very grateful: 

The gist of the situation is this: 
PDC: Samba4 [4.1.0pre1-GIT-394622e ] 
Member: Samba3 (being used as a file share server) [3.6.3-2ubuntu2.3] 

The Samba3 machine is joined to the domain and authenticates domain users successfully for both ssh and local logins via winbind/nss/pam. 
However, the UID/GID attribute, although expressed in AD, is not the same. 
On the Samba4 machine itself I can use "getent" and verify the proper uid/gid. 

As I understand it though , when samba3 queries AD for information, by default its just authenticating user / password. It then makes a local UID/GID based on the range and backend specified in smb.conf. 

I saw one post talking about using LDAP to query UID/GID information from AD instead of a local idmap, but was unable to get it to work. 
I don't really want to add more overhead (i.e. LDAP) to this process if it can be avoided but will look at it again if there is no other way. 

Here is a pastebin of the smb.conf on the samba3 server: http://pastebin.com/GrwUDCJ2 

So to anyone who can point me in the right direction / let me know what worked for them, again, I'd be grateful. 

Mike Ray 

More information about the samba mailing list