[Samba] samba4 and sssd and user mapping

Rowland Penny rowlandpenny at googlemail.com
Mon Jan 20 08:13:54 MST 2014

On 20/01/14 10:25, Denis Cardon wrote:
> Hi everyone,
> on a server running samba4 with sssd for nsswitch mapping, I realized 
> recently that on windows workstation in the "folder propery/security 
> tab", users are mapped as "Unix user\userlogin" instead of 
> "DOMAINNAME\userlogin".
> I guess this is due to the fact that sssd mapping with getent passwd 
> gives me user name without domain name (eg. userlogin), and in the 
> samba4 smb.conf I don't know how to specify to use default domain, so 
> it probably maps users to DOMAINNAME\userlogin.
> Looking at sssd doc, I didn't find how to add domain name in 
> sssd.conf, and in smb.conf, the only related command is "winbind use 
> default domain", and I'd like to use sssd instead of winbind.
> So I'd like to ask if there is a "use default domain" command for 
> smb.conf without winbind?
> Cheers,
> Denis
Hi, I do not think that this has anything to do with sssd, the problem 
seems to occur only on a windows workstation where sssd is not used. Did 
you create the unix users with samba-tool?

If you did, then this could be where the problem lies, if you create a 
user through ADUC and then add the Unix attributes, ADUC adds the 
following attributes to the user:


I think that it is the lack of at least the first on the list that is 
giving you your problem.

If you think about it, where is 'Unix user' coming from? I think it is 
something windows uses if it cannot get the 'msSFU30NisDomain' but does 
find 'uidNumber'

Try adding the attributes to one of your users and see if it cures your 


More information about the samba mailing list