[Samba] winbindd 4.1.7 resolves group memberships for all but primary group

Rowland Penny rowlandpenny at googlemail.com
Tue Jun 3 07:34:09 MDT 2014

On 03/06/14 14:11, Sven Schwedas wrote:
> I don't know where exactly the problem was, even with debug 5 I was only
> able to see that idmap failed... somewhere (STATUS_SOME_UNMAPPED).
> "Solved" by adding gids/uids to every single AD group and user.
> On 2014-05-28 12:12, Sven Schwedas wrote:
>> We're using a bunch of AD groups -- all users/groups are created and
>> managed with ADUC. Domain Users is the primary group for all users, plus
>> a few for our departments (and Domain Admins). All groups have their
>> posixGroup attributes filled out.
>> wbinfo --group-info and getent group show the correct membership for all
>> groups except Domain Users.
>> smb.conf: http://pastebin.com/ymrXZJ5u
>> Already tried with winbind nss info = sfu, no improvement.
>> LDAP excerpt (members pruned) for Domain Users:
>> http://pastebin.com/3ysX0S7C
>> LDAP excerpt for Domain Admins:
>> http://pastebin.com/vYTu70dV
>> The only difference I can see is the member field. ADUC apparently
>> doesn't explicitly set it for the primary group (and doesn't allow me to
>> set it manually), it only sets memberUid and msSFU30PosixMember (which
>> are both ignored by winbindd). Is there some way I can make winbindd use
>> the correct field, or is there a configuration problem somewhere else?
Hi, I think that you may have run into one of microsofts 'features', 
have a look here:



More information about the samba mailing list