[Samba] winbind bug?

Doug Tucker tuckerd at lyle.smu.edu
Mon Apr 7 12:55:04 MDT 2014


> This will not work anymore, if it really worked properly before. The
> schema extension you are referring to has been a standard part of the
> AD schema since Windows Server 2003R2.
We do not have 2003R2, just 2003.
>
> All your Unix users & groups need to be in AD, then you need to add
> uidNumbers & gidNumbers; they are NOT added automatically.

Just some background.  For all of the Unix usernames that matter, there
is a corresponding Windows account.  Our process here is to create an
LDAP account for any new users, and then, taking that info, do: net user
username password /fullname: "name" /add from a command line on the AD
server to create the user for Windows.  Or if I use a script I have to
batch make a bunch of accounts in LDAP, I write that off to a
windows.txt file, WinSCP that to the AD box, and then run c:\addusers /c
windows.txt to batch create the Windows accounts.  But we have never
done that for the Unix groups, as there was never a reason for it until
this.  So my next question is, if the Windows guy has created some
groups that overlap with my Unix groups, I assume we will have to
reconcile that by creating a whole new group for things he was using
that group name for?  And since I'm still blind to this whole AD thing,
for Unix users that are in multiple groups, does the schema somehow
allow me to add multiple Unix gid attributes for each user, or rather,
more like Unix, does each group have a place where I can add multiple
uids to it, or how does that work?  It's really hard to picture this
stuff in my head, having never seen it.
>
> This is the best idea you have had yet, you also need to discuss this 
> with your windows admin. He could actually help you get this to work 
> by showing you how RSAT works.
>
> Rowland
I had to look that term up :).  He doesn't use that.  We just RDP to the
domain controllers and just work in a terminal.


