[Samba] New ADC configuration

Matthew Daubenspeck matt at oddprocess.org
Tue Jul 16 12:38:56 MDT 2013

On Tue, Jul 16, 2013 at 01:16:02PM -0400, Matthew Daubenspeck wrote:
> On Tue, Jul 16, 2013 at 05:22:14PM +0100, Rowland Penny wrote:
> >    Yes, you can use ADUC but you need to have provisioned samba4 with
> >    --use-rfc2307
> >    You can also add the uidNumber & gidNumber with an ldif and ldapmodify
> >    or ldbmodify. Have a look here:
> >    http://linuxcostablanca.blogspot.com.es/2012/02/samba-4-posix-domain-user.html
> >    Without the uidNumber & gidNumber, using the ad backend, Winbind will
> >    not display any users, with uidNumber & gidNumber, Winbind will only
> >    display the users & groups that have them.
> >    If you do not want to enter the uidNumber etc, have a look at sssd,
> >    this will do all that Winbind does without all the hassle.
> >    Rowland
> That must be the problem. The wiki had no mention of provisioning with
> --use-rfc2307. I'll redo that and try again.

I reprovisioned the whole works, rejoined the member server. Now in
ADUC I can see the NIS domain name and UID, as well as being part of a
primary group (after I created one). It works perfectly on the DC
server, but still nothing seems to propagate to the member server.

# id testuser
uid=10001(NWLTECH\testuser) gid=100(users) groups=100(users)

# id testuser
id: testuser: no such user

I've turned the log level to 3, and the only error I see is:

[2013/07/16 14:37:05.757568,  1] ../source3/winbindd/idmap_ad.c:653(idmap_ad_sids_to_unixids)
  Could not get unix ID for SID S-1-5-21-1953420892-2023128348-2744795462-513

And the SIDs change as I query for different users...
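
An added example (not part of the original post, and not Samba code): a small Python parser for winbindd log entries like the one quoted above. It groups idmap_ad mapping failures by SID and names the well-known RID where there is one, so each failure can be tied to the directory object whose uidNumber/gidNumber should be checked. The function names are hypothetical; the sample log holds the post's entry plus constructed ones.

```python
import re
from collections import Counter

# Domain-relative RIDs that are the same in every Active Directory domain.
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 512: "Domain Admins",
                   513: "Domain Users", 514: "Domain Guests",
                   515: "Domain Computers", 516: "Domain Controllers"}

# winbindd writes a header line, then the indented message on the next line.
HEADER_RE = re.compile(r"^\[[\d/]+ [\d:.]+,\s*\d+\]\s+\S+\((?P<func>\w+)\)")
FAIL_RE = re.compile(r"Could not get unix ID for SID (?P<sid>S-1-5-21(?:-\d+){4})\s*$")

# First entry is the log line from the post; every other entry is constructed.
SAMPLE_LOG = """\
[2013/07/16 14:37:05.757568,  1] ../source3/winbindd/idmap_ad.c:653(idmap_ad_sids_to_unixids)
  Could not get unix ID for SID S-1-5-21-1953420892-2023128348-2744795462-513
[2013/07/16 14:37:07.000000,  3] ../source3/winbindd/constructed_example.c:1(constructed_function)
  constructed unrelated message
[2013/07/16 14:37:09.000000,  1] ../source3/winbindd/idmap_ad.c:653(idmap_ad_sids_to_unixids)
  Could not get unix ID for SID S-1-5-21-1953420892-2023128348-2744795462-1105
[2013/07/16 14:37:15.000000,  1] ../source3/winbindd/idmap_ad.c:653(idmap_ad_sids_to_unixids)
  Could not get unix ID for SID S-1-5-21-1953420892-2023128348-2744795462-513
"""

def unmapped_sids(log_text):
    """Count mapping failures per SID, using only entries logged by idmap_ad."""
    counts, in_idmap_ad = Counter(), False
    for line in log_text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            in_idmap_ad = header["func"].startswith("idmap_ad")
            continue
        hit = FAIL_RE.search(line)
        if hit and in_idmap_ad:
            counts[hit["sid"]] += 1
    return counts

def report(log_text):
    """Return (RID, well-known name or None, failure count) per unmapped SID."""
    rows = []
    for sid, n in unmapped_sids(log_text).most_common():
        rid = int(sid.rpartition("-")[2])
        rows.append((rid, WELL_KNOWN_RIDS.get(rid), n))
    return rows

if __name__ == "__main__":
    for rid, name, n in report(SAMPLE_LOG):
        print(f"RID {rid:<6} {name or 'domain-specific object':<24} failures={n}")
```

The RID in the post's log line is 513, the well-known RID of the Domain Users group; RIDs of 1000 and above belong to objects created in that particular domain.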
