[Samba] Samba4 binding LDAP Server

steve steve at steve-ss.com
Mon Jun 2 09:07:01 MDT 2014


On Mon, 2014-06-02 at 15:36 +0100, Rowland Penny wrote:
> On 02/06/14 15:22, Danilo Mussolini wrote:
> >
> > No, for sure they aren't. This user and groups only exist in the LDAP 
> > database.
> >
> 
> Then this could well be your problem. It has been some time since I 
> worked with a samba3 server (and this is what you have, even if you are 
> using Samba4) and I seem to remember that all LDAP users also had to be 
> Unix users. Without LDAP users also being Unix users, the underlying 
> Unix system did not know who the LDAP users & groups were.

Hi
But group information can be stored in ldap too. So long as ldap is
specified as a nss option and ldap is running, user and group
information can equally well come from there. e.g. /etc/nsswitch.conf
could contain:
passwd: files ldap
group: files ldap
The user nor group should exist in either of /etc/(passwd OR
group) and ldap and the user uid:gid pair must not coincide with any
local user. As with AD, ldap schemas can specify group memberships too.
e.g. rfc2307bis has member from posixGroup and memberOf from
posixAccount.
HTH
Steve
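
Added example, not part of the original message: a shell sketch of the two checks described above, that ldap is listed as an NSS source and that no LDAP account reuses a local account's name or uid:gid pair. The file names and sample accounts are constructed; on a live host the LDAP-side input could be captured with `getent -s ldap passwd`, assuming the NSS LDAP module allows enumeration.

```shell
#!/bin/sh
# Added example. Inputs are plain files so the checks run offline.

# nss_has_ldap FILE DB: succeed if DB's line in FILE lists the ldap source.
nss_has_ldap() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }    # ignore trailing comments
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# find_collisions LOCAL LDAP: both files are in passwd(5) format. Prints one
# line per LDAP account that clashes with a local one:
#   "name <user>"                         same account name in both sources
#   "id <uid:gid> <ldapuser> <localuser>" uid:gid pair already used locally
find_collisions() {
    awk -F: '
        { k = $3 ":" $4 }
        NR == FNR   { names[$1] = 1; ids[k] = $1; next }
        $1 in names { print "name " $1; next }
        k in ids    { print "id " k " " $1 " " ids[k] }
    ' "$1" "$2"
}

# make_samples DIR: write constructed sample files (not from the thread).
make_samples() {
    printf 'passwd: files ldap\ngroup: files # ldap\n' > "$1/nsswitch.conf"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
        'backup:x:1001:1001::/home/backup:/bin/sh' > "$1/passwd.local"
    printf '%s\n' 'ldapuser:x:10000:10000::/home/ldapuser:/bin/sh' \
        'backup:x:10001:10001::/home/backup:/bin/sh' \
        'alice:x:1001:1001::/home/alice:/bin/sh' > "$1/passwd.ldap"
}

# Run with the argument "demo" to see the checks on the sample files.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && make_samples "$d"
    for db in passwd group; do
        if nss_has_ldap "$d/nsswitch.conf" "$db"; then echo "$db: ldap listed"
        else echo "$db: ldap missing"; fi
    done
    find_collisions "$d/passwd.local" "$d/passwd.ldap"
    rm -rf "$d"
fi
```

The same `find_collisions` function works for groups if given /etc/group and an LDAP group dump, comparing names only in that case since group(5) has the gid in the third field.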



