[Samba] Join Samba4 member server to Windows AD

Denis Cardon denis.cardon at tranquil-it-systems.fr
Thu Feb 27 11:24:39 MST 2014

Hi Ismael,

> [global]
>      workgroup = SD1
>      security = ADS
>      realm = SD1.RD.LAN
>      encrypt passwords = yes
> #    idmap config *:backend = tdb
> #    idmap config *:range = 70001-80000
>      idmap config SD1:backend = ad
>      idmap config SD1:schema_mode = rfc2307
>      idmap config SD1:range = 10000-40000
>      winbind nss info = rfc2307
> #    winbind separator = +
>      winbind trusted domains only = no
>      winbind use default domain = yes
>      winbind enum users = yes
>      winbind enum groups = yes
> As you can see I see the users and groups of the root domain (RD.LAN)
> and subdomain2 (SD2.RD.LAN) but nothing about subdomain1 (SD1.RD.LAN)

You specified an idmap configuration for SD1 in your smb.conf file with 
rfc2307, which tells Samba to look for uidnumber and gidnumber in Active 
Directory for SID<->uid/gid mapping. Those attributes are not populated 
by default, so wbinfo does not pick up your SD1 entries.

> also when I execute getent passwd and getent group, I only see the Linux
> users and groups but don't get anything from Windows AD.

In order for getent passwd to work, there has to be a SID<->uid/gid 
mapping, but you have not specified any mapping for the SD2 domain, only 
for SD1, which actually does not work...

Try to fix your idmap. You may use rid to get a consistent mapping 
between your different servers.

Hope this helps,


> I'm really confused and would appreciate if one of you could take a look at
> it and tell me what is missing or wrong or even point me in the right
> direction. I don't have much experience with Samba, so please don't be
> too strict with me XD.

> Thank you guys!
> Isfelipe

Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0)
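
Added example (not part of the original message and not Samba's own code): a small Python model of the rid mapping suggested above, using the formula from the idmap_rid manual page (ID = RID - BASE_RID + LOW_RANGE_VALUE, with BASE_RID left at 0). It shows why every member server with the same ranges derives the same uid/gid, and why a domain without an idmap entry yields nothing. The NetBIOS names SD2 and RD, the ranges and the SIDs are constructed assumptions.

```python
# Added example: models the documented idmap_rid formula, not Samba source code.
# Domain names SD2/RD, all ranges and all SIDs below are constructed.

IDMAP = {  # NetBIOS domain -> (low, high), as in "idmap config DOM:range"
    "SD1": (10000, 39999),
    "SD2": (40000, 69999),
    "RD": (70000, 99999),
}
DOMAIN_SIDS = {  # constructed domain SIDs -> NetBIOS domain
    "S-1-5-21-1111-2222-3333": "SD1",
    "S-1-5-21-4444-5555-6666": "SD2",
    "S-1-5-21-7777-8888-9999": "RD",
}


def check_ranges(idmap):
    """Return neighbouring domain pairs (sorted by low id) whose ranges overlap.

    An empty list means no two domains can be handed the same uid/gid.
    """
    items = sorted(idmap.items(), key=lambda kv: kv[1])
    return [(a, b) for (a, (_, hi)), (b, (lo, _)) in zip(items, items[1:])
            if lo <= hi]


def sid_to_unix_id(sid, idmap=IDMAP, domain_sids=DOMAIN_SIDS):
    """Map a SID to a uid/gid: ID = RID + LOW_RANGE_VALUE (BASE_RID = 0).

    Returns None when the SID's domain has no idmap range, or when the
    result would fall outside that domain's range.
    """
    domain_sid, _, rid = sid.rpartition("-")
    domain = domain_sids.get(domain_sid)
    if domain not in idmap:
        return None  # no mapping configured: nothing for getent to show
    low, high = idmap[domain]
    unix_id = low + int(rid)
    return unix_id if unix_id <= high else None


if __name__ == "__main__":
    print("overlaps:", check_ranges(IDMAP))
    for sid in ("S-1-5-21-1111-2222-3333-1105",   # SD1 user, RID 1105
                "S-1-5-21-4444-5555-6666-1105",   # SD2 user, same RID
                "S-1-5-21-1234-1234-1234-1105"):  # domain with no idmap entry
        print(sid, "->", sid_to_unix_id(sid))
```

Because the result depends only on the RID and the configured range, keeping the per-domain ranges identical and non-overlapping on every member server is what makes file ownership consistent across them.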
