[Samba] [Samba 4] Issues with uidNumber and gidNumber in AD for Linux clients

Fred F frederik.vogelsang at gmail.com
Tue Jan 22 07:52:02 MST 2013


Hi,

I am still experimenting with Samba 4 and I'd like to serve both
Windows and Linux clients with Samba (standalone AD server). The
Windows side is already working well. For serving Linux clients I need
to store the users' uidNumber and gidNumber in the Active Directory.

This is how I do that:
1. Create a user "test" with samba-tool
2. Get the internal UID which was assigned to this user by Samba through wbinfo
3. Add the UID to CN=test,CN=Users,CN=DOMAIN as uidNumber
4. Add gidNumber=100 (Domain Users) to CN=test,CN=Users,CN=DOMAIN

With the correct nss_ldap setup (mainly attribute mappings) the Linux
boxes can now get their passwd/shadow/group information directly from
AD. The Linux user now has the exact same attributes and groups as the
Windows user.

Now the issue is that Samba needs a group with the same gidNumber as
the uidNumber for each user to work correctly in this setup (see why
in #9521 [1]). The only logical way of doing that is storing this
gidNumber as the user's primary group in the AD. This way the user
loses the membership in the group "Domain Users" (gidNumber 100),
though - at least on the Linux side.

Are there any thoughts on how to solve this? Is this maybe a Samba
issue or is my setup just wrong?


Regards,
Frederik

[1] https://bugzilla.samba.org/show_bug.cgi?id=9521
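
The following is an added example, not part of the original post: a small audit of the uidNumber/gidNumber attributes that steps 3 and 4 write, run over an LDIF export of the directory. The LDIF sample, the DC=example,DC=com suffix and the uidNumber values are constructed for illustration; only gidNumber 100 for Domain Users comes from the post. The parser assumes unwrapped, non-base64 "attr: value" lines.

```python
# Added example: audit uidNumber/gidNumber on AD objects from an LDIF export.
# SAMPLE_LDIF is constructed; the DNs and uidNumber values are assumptions.
from collections import defaultdict

SAMPLE_LDIF = """\
dn: CN=test,CN=Users,DC=example,DC=com
objectClass: user
uidNumber: 3000017
gidNumber: 100

dn: CN=alice,CN=Users,DC=example,DC=com
objectClass: user
uidNumber: 3000017
gidNumber: 3000018

dn: CN=bob,CN=Users,DC=example,DC=com
objectClass: user

dn: CN=Domain Users,CN=Users,DC=example,DC=com
objectClass: group
gidNumber: 100
"""

def parse_ldif(text):
    """Parse blank-line separated 'attr: value' records into dicts of lists."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry[attr].append(value)
        entries.append(entry)
    return entries

def audit(entries):
    """Return sorted (dn, problem) pairs for users with POSIX attribute issues."""
    group_gids = {g for e in entries if "group" in e["objectClass"] for g in e["gidNumber"]}
    uid_owners, findings = defaultdict(list), []
    for u in (e for e in entries if "user" in e["objectClass"]):
        name = u["dn"][0]
        findings += [(name, f"missing {a}") for a in ("uidNumber", "gidNumber") if not u[a]]
        for uid in u["uidNumber"]:
            uid_owners[uid].append(name)  # remember who claims each uidNumber
        findings += [(name, f"gidNumber {g} matches no group") for g in u["gidNumber"] if g not in group_gids]
    findings += [(n, f"uidNumber {uid} shared") for uid, names in uid_owners.items() if len(names) > 1 for n in names]
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"{dn}: {problem}" for dn, problem in audit(parse_ldif(SAMPLE_LDIF))))
```

A shared uidNumber means two AD accounts resolve to the same identity on the Linux side, and a gidNumber with no matching group object is the situation the post describes when the user's primary group is set to a per-user value.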

