[Samba] [Samba 4] Issues with uidNumber and gidNumber in AD for Linux clients

Gémes Géza geza at kzsdabas.hu
Tue Jan 22 11:45:15 MST 2013


On 2013-01-22 15:52, Fred F wrote:
> Hi,
>
> I am still experimenting with Samba 4 and I'd like to serve both
> Windows and Linux clients with Samba (standalone AD server). The
> Windows-side is already working well. For serving Linux-clients I need
> to store the users' uidNumber and gidNumber in the Active Directory.
>
> This is how I do that:
> 1. Create a user "test" with samba-tool
> 2. Get the internal UID which was assigned to this user by Samba through wbinfo
> 3. Add the UID to CN=test,CN=Users,CN=DOMAIN as uidNumber
> 4. Add gidNumber=100 (Domain Users) to CN=test,CN=Users,CN=DOMAIN
>
> With the correct nss_ldap setup (mainly attribute mappings) the Linux
> boxes can now get their passwd/shadow/group information directly from
> AD. The Linux user now has the exact same attributes and groups as the
> Windows user.
>
> Now the issue is that Samba needs a group with the same gidNumber as
> the uidNumber for each user to work correctly in this setup (see why
> in #9521 [1]). The only logical way of doing that is storing this
> gidNumber as the user's primary group in the AD. This way the user
> loses the membership in the group "Domain Users" (gidNumber 100),
> though - at least on the Linux side.
>
> Are there any thoughts on how to solve this? Is this maybe a Samba
> issue or is my setup just wrong?
>
>
> Regards,
> Frederik
>
> [1] https://bugzilla.samba.org/show_bug.cgi?id=9521
I don't agree, because users can be members of multiple groups, not just
the group identified as their primary group.

Regards

Geza Gemes
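
The point made in the reply above, as an added example that is not part of the original thread and is not Samba or nss_ldap code: a user whose gidNumber equals the uidNumber still resolves to "Domain Users" (gidNumber 100) as a supplementary group when the group lists the user as a member. The DNs, the UID 3000017, the group name test-private and the use of the member attribute for the lookup are assumptions made for this sketch.

```python
# Constructed sample directory entries (not from the original thread); group
# membership is modelled with the "member" attribute holding user DNs.
LDIF = """\
dn: CN=test,CN=Users,DC=example,DC=com
objectClass: user
sAMAccountName: test
uidNumber: 3000017
gidNumber: 3000017

dn: CN=test-private,CN=Users,DC=example,DC=com
objectClass: group
gidNumber: 3000017

dn: CN=Domain Users,CN=Users,DC=example,DC=com
objectClass: group
gidNumber: 100
member: CN=test,CN=Users,DC=example,DC=com
"""

def parse_ldif(text):
    """Parse simple unwrapped LDIF into a list of {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def effective_gids(entries, username):
    """Return (primary_gid, sorted supplementary gids) for username."""
    users = [e for e in entries if "user" in e.get("objectclass", [])
             and e.get("samaccountname") == [username]]
    if len(users) != 1:
        raise LookupError(f"expected exactly one user named {username!r}")
    user = users[0]
    primary = int(user["gidnumber"][0])
    dn = user["dn"][0].lower()  # DNs compare case-insensitively
    supplementary = {
        int(g["gidnumber"][0])
        for g in entries
        if "group" in g.get("objectclass", []) and "gidnumber" in g
        and dn in (m.lower() for m in g.get("member", []))
    }
    supplementary.discard(primary)  # the primary gid is reported separately
    return primary, sorted(supplementary)

print(effective_gids(parse_ldif(LDIF), "test"))
```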

