[Samba] Samba 4 - nslcd setup on Debian

steve steve at steve-ss.com
Wed Sep 4 11:02:06 MDT 2013

On Wed, 2013-09-04 at 17:53 +0100, Chris Alavoine wrote:
> Hi folks,
> Have been battling with this for a while.
> I have a Debian 6/Samba 4 install working nicely. Have migrated my old
> Samba 3 domain and can see all users/groups via AD management tools fine.
> I am now trying to get the *nix side sorted. Have followed the guide here:
> https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd
> Which works up to a point. All users and groups and visible with getent
> etc, but any new user that are created are not seen. Any existing
> user/group updates are reflected but if I create a new user and then do
> getent group | grep user
> I get nothing, same with "id -Gn user" or "groups user".
> If I do:
> samba-tool user list | grep user
> The user is found and I can see it using RSAT tools from a Windows Server
> 2008 R2 box.
> Any suggestions?

Your old users had rfc2307 attributes but your new ones do not. When you
create the new user, you have to give him rfc2307 attributes such as
uidNumber and gidNumber. In later releases, you can use samba-tool to do
this. Otherwise you can use ldbedit or ldbmodify. I doubt whether your
debian install is recent enough. There are scripts here:
I'd recommend building from source.

More information about the samba mailing list