[Samba] Winbind question

Bruno MACADRE bruno.macadre at univ-rouen.fr
Mon Aug 11 12:26:12 MDT 2014


Strange, since only users with uid are shown with getent password, 
groups are shown only if others have gid.... I don't know if it can be 
called a bug, but thanks for the tips, I'll try it tomorrow.

Best regards,
Bruno


Le 11/08/2014 19:27, Rowland Penny a écrit :
> Known problem, not sure whether you can call it a bug. If you want 'getent
> group' to work like 'getent passwd', you seemingly have to give ALL your
> groups a gidNumber.
>
> Rowland
>
>
> On 11 August 2014 18:04, Bruno MACADRÉ <bruno.macadre at univ-rouen.fr> wrote:
>
>> Thanks for all answers,
>>
>> I've added unix attributes to user foo by usnig ldbmodify and it appears
>> on getent passwd (with idmap backend = ad), I've done same with my "domain
>> users" group (added only gidNumber attribute) but it don't appear with
>> getent group, but with 'getent group "domain users"' the group appears
>> fine.... may be a bug between getent, nss and winbind....
>>
>> At last.... it works (except 'getent group'... but chown, chgrp, ...
>> works) !
>>
>> Thanks all
>> Regards,
>> Bruno
>>
>> Le 11/08/2014 18:20, Rowland Penny a écrit :
>>
>>> Hi, glad to see that you have got it working and the answer to your
>>> question is YES.
>>>
>>> If you use ADUC to create users and then update them via the
>>> UNIX-Attributes, the first time you do this a couple of missing attributes
>>> get added:
>>> msSFU30MaxUidNumber and msSFU30MaxGidNumber
>>>
>>> Guess what they do ?
>>>
>>> Yes, that's right, they store the next uidNumber & gidNumber, so by using
>>> an ldif you can easily write a script around ldbmodify to add the required
>>> SFU attributes (you could easily done this even if you have 500 users)
>>>
>>> Rowland
>>>
>>>
>>>
>>> On 11 August 2014 16:49, Ryan Ashley <ryana at reachtechfp.com> wrote:
>>>
>>>   So you're saying that even though the ad backend is working, you'd still
>>>> have to do this manually? Mine all have ID's I entered manually, but I do
>>>> not have that many users. Is there possibly a way to add a script that
>>>> runs
>>>> on user creation that will find the first free ID in a range and set it
>>>> for
>>>> that user's uidNumber and gidNumber?
>>>>
>>>> On 08/11/2014 11:47 AM, steve wrote:
>>>>
>>>>   On Mon, 2014-08-11 at 17:26 +0200, Bruno MACADRÉ wrote:
>>>>>    I can't specify all POSIX attributes with
>>>>>
>>>>>> ADUC over about 5000 users by hand....
>>>>>>
>>>>>>
>>>>>    I will fallback to rid idmap backend... it works fine
>>>>> Hi
>>>>> If you don't mind ids that differ between machines, then rid is the way
>>>>> to go. Otherwise, script from your working rid output using getent
>>>>> passwd, cut the (nice friendly colon delimited) id and then ldbmodify it
>>>>> into AD as uidNumber. Any new users, just remember to add the values
>>>>> when you create them.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>   --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>
>> --
>>
>> Bruno MACADRE
>> -------------------------------------------------------------------
>>   Ingénieur Systèmes et Réseau     | Systems and Network Engineer
>>   Département Informatique         | Department of computer science
>>   Responsable Info SER             | SER IT Manager
>>   Université de Rouen              | University of Rouen
>> -------------------------------------------------------------------
>> Coordonnées / Contact :
>>          Université de Rouen
>>          Faculté des Sciences et Techniques - Madrillet
>>          Avenue de l'Université
>>          CS 70012
>>          76801 St Etienne du Rouvray CEDEX
>>          FRANCE
>>
>>          Tél : +33 (0)2-32-95-51-86
>>          Mob : +33 (0)6-74-71-45-64
>> -------------------------------------------------------------------
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba



More information about the samba mailing list