[Samba] getent passwd & getent group returning UID and GID using Winbind 4.1.x series samba

steve steve at steve-ss.com
Tue Jan 14 05:40:50 MST 2014

On Tue, 2014-01-14 at 03:12 +0000, Werthmuller, Derek wrote:
> Just to make sure that I'm on the right path to get this working the way I would like.
> I have a Linux file server that has used LDAP for the user and group information in the past. I would like to migrate (recreate) the same users and groups in the samba4 AD DC, adding the UID and GID attributes, so that I don't have to change the UID and GID permissions on the file servers.
> The migration plan would be to set up the new samba 4 server, get staff to reset their password on the new server. Then upgrade samba on the file servers, point winbind to the new samba server and the migration at the server level would be done. Users systems not all mobile and not members of the existing domains - so the scripts they use to connect to the shares would just need to make use of the new domain name in the share connection strings.
> The problems I'm having now are that wbinfo -I username seems to return some mapped version of the AD user ID and group ID and not the UID and GID.
> Account was created with:
> sudo samba-tool user add <username> --uid-number=5000 gid-number=5000 home-directory=/exports/users/<usersname> login-shell=/bin/bash
> Domain was provisioned with:
> sudo /usr/bin/samba-tool domain provision --use-rfc2307 -interactive
> Domain member server smb.conf
>    idmap config DOM : backend = ad
>    idmap config DOM : schema_mode = rfc2307
>    idmap config DOM : range = 500-2000
>    winbind enum users  = yes
>    winbind enum groups = yes
> What am I missing?  idmap_ldb : use rfc2307 = yes

idmap config *:backend = tdb
idmap config *:range = 2001-2100

 idmap_ldb : use rfc2307 = yes
(It's the wrong syntax anyway)

May get you close. Or use sssd if not.
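
An added example, not part of either message above: a Python check that parses the `idmap config` lines of an smb.conf, tests whether a given uidNumber falls inside a domain's range (the idmap_ad backend ignores IDs stored in AD that lie outside the configured range), and reports overlapping ranges. The sample configuration is constructed from the settings quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample: the member-server settings quoted in the thread plus
# the default-domain lines suggested in the reply.
SAMPLE_SMB_CONF = """
[global]
   idmap config DOM : backend = ad
   idmap config DOM : schema_mode = rfc2307
   idmap config DOM : range = 500-2000
   idmap config *:backend = tdb
   idmap config *:range =2001-2100
"""

IDMAP_RE = re.compile(
    r"^\s*idmap\s+config\s+(\S+?)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I | re.M)

def parse_idmap(conf_text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for dom, opt, val in IDMAP_RE.findall(conf_text):
        domains.setdefault(dom.upper(), {})[opt.lower()] = val
    return domains

def id_range(domains, dom):
    """Return the (low, high) range configured for a domain, or None."""
    val = domains.get(dom.upper(), {}).get("range")
    if not val:
        return None
    low, high = (int(p) for p in val.split("-"))
    return low, high

def in_range(domains, dom, unix_id):
    """True if unix_id lies inside the domain's configured range."""
    r = id_range(domains, dom)
    return r is not None and r[0] <= unix_id <= r[1]

def overlapping(domains):
    """Return pairs of domains whose ID ranges overlap."""
    rs = sorted((d, id_range(domains, d)) for d in domains if id_range(domains, d))
    return [(a, b) for i, (a, ra) in enumerate(rs) for b, rb in rs[i + 1:]
            if ra[0] <= rb[1] and rb[0] <= ra[1]]

if __name__ == "__main__":
    cfg = parse_idmap(SAMPLE_SMB_CONF)
    print(id_range(cfg, "DOM"), in_range(cfg, "DOM", 5000), overlapping(cfg))
```

With the sample settings, uid 5000 is reported as outside the DOM range of 500-2000, and the `*` and DOM ranges do not overlap.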
