[Samba] New ADC configuration

Matthew Daubenspeck matt at oddprocess.org
Wed Jul 17 12:49:03 MDT 2013

On Wed, Jul 17, 2013 at 12:31:54PM +0200, Ali Bendriss wrote:
>    The last time I was having this kind of error, it was because I haven't
>    setup the gid number for the primary group for each users (domain
>    users).
>    I ended changing the gid of domain users for something high (the
>    default for provision is 100) so my idmap range for idmap_ad doesn't
>    have to go as lower as 100. And then I gave all the users the new
>    configured gid number.
>    it may be useful to run net cache flush on the member server while
>    doing the test.
>    you set idmap config NWLTECH:range = 500-40000
>    but the default gid for domain user is 100 so I think that you need to
>    change it (see above) or adapt your range.

The last thing it has to be is something with Arch Linux. I removed all
their samba packages and rolled from source and it does the EXACT same
thing. I then fired up a quick and dirty Ubuntu LTS VM, installed some
samba 4.0.6 packages from a PPA, and it worked. First try. I didn't even
have to set uid/gid numbers for the users. getent passwd displays all
domain users and:

$ id testuser3
uid=70009(testuser3) gid=70001(domain users) groups=70001(domain

grabs all the info properly and gives them proper uid/gid as per the
ranges in smb.conf. I guess I'll rework everything with Ubuntu, although
I'm not overly crazy about using older packages. But if it works, whom
am I to argue? I don't know what else could possibly be wrong with

Do users created still need a uid/gid added in the UNIX Attributes tab?

Thanks a ton to everyone that offered help, I really appreciate the

More information about the samba mailing list