[Samba] Winbind question

Rowland Penny rowlandpenny at googlemail.com
Mon Aug 11 11:27:35 MDT 2014 

Known problem, not sure whether you can call it a bug. If you want 'getent
group' to work like 'getent passwd', you seemingly have to give ALL your
groups a gidNumber.

Rowland


On 11 August 2014 18:04, Bruno MACADRÉ <bruno.macadre at univ-rouen.fr> wrote:

> Thanks for all answers,
>
> I've added unix attributes to user foo by usnig ldbmodify and it appears
> on getent passwd (with idmap backend = ad), I've done same with my "domain
> users" group (added only gidNumber attribute) but it don't appear with
> getent group, but with 'getent group "domain users"' the group appears
> fine.... may be a bug between getent, nss and winbind....
>
> At last.... it works (except 'getent group'... but chown, chgrp, ...
> works) !
>
> Thanks all
> Regards,
> Bruno
>
> Le 11/08/2014 18:20, Rowland Penny a écrit :
>
>> Hi, glad to see that you have got it working and the answer to your
>> question is YES.
>>
>> If you use ADUC to create users and then update them via the
>> UNIX-Attributes, the first time you do this a couple of missing attributes
>> get added:
>> msSFU30MaxUidNumber and msSFU30MaxGidNumber
>>
>> Guess what they do ?
>>
>> Yes, that's right, they store the next uidNumber & gidNumber, so by using
>> an ldif you can easily write a script around ldbmodify to add the required
>> SFU attributes (you could easily done this even if you have 500 users)
>>
>> Rowland
>>
>>
>>
>> On 11 August 2014 16:49, Ryan Ashley <ryana at reachtechfp.com> wrote:
>>
>>  So you're saying that even though the ad backend is working, you'd still
>>> have to do this manually? Mine all have ID's I entered manually, but I do
>>> not have that many users. Is there possibly a way to add a script that
>>> runs
>>> on user creation that will find the first free ID in a range and set it
>>> for
>>> that user's uidNumber and gidNumber?
>>>
>>> On 08/11/2014 11:47 AM, steve wrote:
>>>
>>>  On Mon, 2014-08-11 at 17:26 +0200, Bruno MACADRÉ wrote:
>>>>
>>>>   I can't specify all POSIX attributes with
>>>>
>>>>> ADUC over about 5000 users by hand....
>>>>>
>>>>>
>>>>   I will fallback to rid idmap backend... it works fine
>>>> Hi
>>>> If you don't mind ids that differ between machines, then rid is the way
>>>> to go. Otherwise, script from your working rid output using getent
>>>> passwd, cut the (nice friendly colon delimited) id and then ldbmodify it
>>>> into AD as uidNumber. Any new users, just remember to add the values
>>>> when you create them.
>>>>
>>>>
>>>>
>>>>
>>>>  --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>
> --
>
> Bruno MACADRE
> -------------------------------------------------------------------
>  Ingénieur Systèmes et Réseau     | Systems and Network Engineer
>  Département Informatique         | Department of computer science
>  Responsable Info SER             | SER IT Manager
>  Université de Rouen              | University of Rouen
> -------------------------------------------------------------------
> Coordonnées / Contact :
>         Université de Rouen
>         Faculté des Sciences et Techniques - Madrillet
>         Avenue de l'Université
>         CS 70012
>         76801 St Etienne du Rouvray CEDEX
>         FRANCE
>
>         Tél : +33 (0)2-32-95-51-86
>         Mob : +33 (0)6-74-71-45-64
> -------------------------------------------------------------------
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list