[Samba] Samba4 domain member

Chris Alavoine chrisa at acs-info.co.uk
Tue Jul 1 03:07:43 MDT 2014

Hi gents,

I have a problem with winbindd uid/gid numbering on my Samba4 domain member

This is my smb.conf:


   netbios name = DOM-MEMBER
   workgroup = EXAMPLE
   security = ADS
   realm = EXAMPLE.COM

   encrypt passwords = yes

   idmap config *:backend = tdb
   idmap config *:range = 500-100000
   idmap config ESSENCE:backend = ad
   idmap config ESSENCE:schema_mode = rfc2307
   idmap config ESSENCE:range = 500-100000

   winbind nss info = rfc2307

   winbind trusted domains only = no
   winbind use default domain = yes
   winbind enum users  = yes
   winbind enum groups = yes

   log level = 0

   vfs objects = acl_xattr
   map acl inherit = Yes
   store dos attributes = Yes

   path = /data/it_support
   read only = no

At first glance this appears to work ok. I am seeing lots of entries with
getent passwd and groups appear to work correctly. However, there appear to
be some anomalies with the uid numbering. For example, one users' uid on
the main DC will be completely different to the same user on my domain
member. A good majority of them are correct which has fooled me into
thinking that the server is good for production, but as we've added other
shares to this machine these discrepancies have become more apparent.

Has anyone else hit similar numbering problems?


ACS (Alavoine Computer Services Ltd)
Chris Alavoine
mob +44 (0)7724 710 730

More information about the samba mailing list