[Samba] winbind bug?

Doug Tucker tuckerd at lyle.smu.edu
Thu Mar 27 12:08:08 MDT 2014

On 03/27/2014 12:51 PM, Chan Min Wai wrote:
> Hi Doung,
> Quote you statement "configuration and held the unix uid's, etc..that 
> this would tell samba to look to AD for those values (which concerns 
> me to put that in and break all the existing users) and we certainly 
> do not have that in our AD here"
> If your AD users don't have unix uid , home dir, shell...
It gets this from unix.  We merely pass the login credentials to AD for 
authentication.  Then we map to the unix side for unix uid, home dir.   
This directive maps the unix users to a corresponding AD user:

# Unix users can map to different SMB User names
    username map = /etc/samba/domain_user.map

> If you don't have unix uid, winbind will not read this users...
All users are being read by winbind, even the ones that are 
failing..those with unix ID > 11000.  I can show you the logs on a 
failed user.  They pass authentication.  Their unix id is correct.  
Samba presents then their home directory, and then suddenly drops to 
"access denied".

Not to throw confusion in it as I am trying to get some focus on this 
fact that unix ID > 11000 fails on windows 7..but, if I change the home 
directory permissions on the unix side from 700 (standard) to 777...the 
user that *was* failing can then map the directory, and when they write 
files, it is written with the correct permissions.

More information about the samba mailing list