[Samba] The problem with setting up AD domain to Samba 4

steve steve at steve-ss.com
Wed Jun 19 03:54:26 MDT 2013

On Wed, 2013-06-19 at 10:34 +0100, Rowland Penny wrote:
> The problem is that you are mixing up how samba 4 works with how samba
> 3 works, samba 4 winbind does not work the same as the samba 3
> winbind.
> What you need to do is give your linux users a uidNumber and groups
> like Domain Users a gidNumber, how you do this is up to you, it can be
> done from windows (ADUC?) or by using an ldif on linux, try a web
> search.
> You then need to extract this information on the linux clients, you
> can use winbind, but do not use the rid backend. If do you use the rid
> backend, whilst you will get the same UID for a user on any linux
> client that uses the exact same winbind settings, you will never get
> the same UID on the server.  Using the ad backend will get you the
> same UID where ever you ask for it, but in my opinion is not the way
> to go, try using sssd, it is a lot easier to set up.
> Rowland

Hi Rowland
>From what I can work out from the posts, the OP is trying to do this on
a DC. What I find difficult to get across is the idea of storing stuff
in AD. In cases such as these I really can't see any other way to go.
The OP's idmap is really screwed up. I've had a go via the DC winbind
and the only way I could go with this was to delete the idmap entries
and start again. This is in the other post about an hour or so ago, if
you have any easier way. . .

More information about the samba mailing list