[Samba] winbind bug?

Rowland Penny rowlandpenny at googlemail.com
Mon Apr 7 11:42:01 MDT 2014 

On 07/04/14 18:01, Doug Tucker wrote:
>
>>
>> You are trying to connect linux clients to a windows AD server, is 
>> this correct?
>>
>> Rowland
> No.  I have a samba server 3.033 joined to a windows 2003 AD with a 
> mix of clients.  All works fine.

> I installed a 3.6.9 that works for all users except those with unix 
> id's >11k and win7 clients.

What you have there is a Unix member server, all your Unix users & 
groups need to be in AD with uidNumber's & gidNumbers
> I have all unix users/groups in /etc/passwd and /etc/group on the 
> samba server.  With 3.033 and earlier just passing to AD for 
> authentication and then using the local /etc/pass/group for all other 
> attributes (uid, gid, home directory) always worked.  This group (and 
> you especially) made me aware this doesn't work anymore with the newer 
> samba's and I need the unix uid in AD through some schema extention I 
> have links to (but to date no real understanding of what it means).
This will not work anymore, if it really worked properly before. The 
schema extension you are referring to, has been a standard part of the 
AD schema since Windows server 2003R2.

> I got confused and couldn't determine for myself through reading 
> whether I was going to have to import all of my unix groups into AD 
> and if this schema extension then added a unix attribute to all of the 
> groups that I then put the unix gid into or not.

All your Unix users & groups need to be in AD, then you need to add 
uidNumber's & gidNumber's, they are NOT added automatically.


> My plan was to somehow try to install an AD somewhere (yeah, that 
> should be interesting seeing as the last time I even installed windows 
> on a desktop was probably windows 2000)  so I could test and if I 
> could get it working I would have some backup plan in case a client 
> upgrade to win 7 causes my existing samba to fail.
This is the best idea you have had yet, you also need to discuss this 
with your windows admin. He could actually help you get this to work by 
showing you how RSAT works.

Rowland

More information about the samba mailing list