[Samba] Winbind question

Bruno MACADRÉ bruno.macadre at univ-rouen.fr
Mon Aug 11 08:21:22 MDT 2014


I successfully set up an AD DC, and now, I want to join a file server as 
member in this domain.

I followed this tutorial : 

All works fine, my server join my AD without problem, samba starts fine 
and winbind too. But when I look at my domain users, the uid/gid 
returned by winbind are in the TDB range instead of the AD range.....

This is my smb.conf :

    netbios name = filzen
    workgroup = SAMDOM
    security = ADS
    realm = SAMDOM.FR
    encrypt passwords = yes

    log level = 10

    template homedir = /home/%U
    template shell = /bin/bash

    winbind use default domain = yes
    winbind enum users  = yes
    winbind enum groups = yes

    idmap config SAMDOM:backend = ad
    idmap config SAMDOM:range = 20001-70000
    idmap config SAMDOM:default = yes
    idmap config *:backend = tdb
    idmap config *:range = 70001-80000

If I type :
# wbinfo -i administrator

I get :

If I create a user (foo) and trying to obtain his informations :
# wbinfo -i foo

I get:

Why winbind doen't use AD range instead of TBD range ? And even if I 
must use TDB range is there a certainty that this uid/gid are the same 
over all members ?

Another clue : If I use SAMDOM:backend = rid the users receive a uid/gid 
in SAMDOM range and not in TDB range (maybe a bug in ad backend ?)

Thanks for any answers


  Ingénieur Systèmes et Réseau     | Systems and Network Engineer
  Département Informatique         | Department of computer science
  Responsable Info SER             | SER IT Manager
  Université de Rouen              | University of Rouen
Coordonnées / Contact :
	Université de Rouen
	Faculté des Sciences et Techniques - Madrillet
	Avenue de l'Université
	CS 70012
	76801 St Etienne du Rouvray CEDEX

	Tél : +33 (0)2-32-95-51-86
	Mob : +33 (0)6-74-71-45-64

More information about the samba mailing list