[Samba] winbind: homeDirectory being ignored

Brian Candler b.candler at pobox.com
Tue Jun 24 07:49:03 MDT 2014

 > Your user doesn't have a 'gidNumber' winbind seems to need the 
'gidNumber' attribute before it extracts all the users info from AD.

gitNumber seems to be ignored:

root at dc1:~# samba-tool user add user8 Abcd1234 --uid-number=1008 
--home-directory=/home/user8 --login-shell=/bin/bash --gid-number=1008

root at adclient:~# getent passwd user8

ldapsearch shows:
uidNumber: 1008
gidNumber: 1008
loginShell: /bin/bash

Maybe gidNumber has to correspond to a real group object?

The "domain users" group is this object:

# Domain Users, Users, adtest.int.example.net
dn: CN=Domain Users,CN=Users,DC=adtest,DC=int,DC=example,DC=net
objectClass: top
objectClass: group
cn: Domain Users
description: All domain users
instanceType: 4
whenCreated: 20140618075445.0Z
whenChanged: 20140618075445.0Z
uSNCreated: 3541
uSNChanged: 3541
name: Domain Users
objectGUID:: tY04KF2fXEyFT/9qBdevHw==
sAMAccountName: Domain Users
sAMAccountType: 268435456
groupType: -2147483646
isCriticalSystemObject: TRUE
memberOf: CN=Users,CN=Builtin,DC=adtest,DC=int,DC=example,DC=net
distinguishedName: CN=Domain 

So do I need to add a gidNumber attribute to this entry? Or create a new 

Unfortunately I'm doing this without any Windows tools, and "samba-tool 
group add" doesn't have a --gid-number flag.

So I tried adding gidNumber to the group:

root at dc1:~# cat mod.ldif
dn: CN=Domain Users,CN=Users,DC=adtest,DC=int,DC=example,DC=net
changetype: modify
add: gidNumber
gidNumber: 1008

root at dc1:~# ldapmodify -f mod.ldif

ldapsearch confirms it's there, but no difference to the result. I also 
tried adding objectClass: posixGroup to this, still no effect.

Any more suggestions?



More information about the samba mailing list