[Samba] winbind bug?

Rowland Penny rowlandpenny at googlemail.com
Thu Mar 27 13:06:52 MDT 2014

On 27/03/14 18:50, Doug Tucker wrote:
>>> We populate /etc/passwd and /etc/group with the unix account 
>>> information with password stripped out.  This is how it maps the 
>>> domain account through the domain user map directive for the unix 
>>> username/id/homedir/shell.
>> I thought so, you cannot have a local user or group that is also in 
>> AD, I suggest you remove them from the linux machine.
>> Rowland
> Rowland, that ignores the fact that all of my users other than this 
> select group (5% maybe) on a certain client are working and working 
> just fine.  Those same failing users work on windows XP and linux 
> cifs.  And to shares even on win7 where the access is controlled via 
> unix gid.
> Further, removing those entries samba will have no idea what the unix 
> id is to create a mapping, the path to the home directory.
When a user connects, /etc/nsswitch.conf is consulted, this will have 
lines for passwd & group, yours will (I presume) look something like this:

passwd:         compat winbind
group:          compat winbind

What this means is, the the first place to look for a user is 
/etc/passwd and if the user exists there, then that info is used, what I 
think is happening is that your windows 7 user does not exist there, or 
more likely is there, but with a different ID number.

I will repeat, you cannot have users both in /etc/passwd and AD, if you 
want to have users use different home directory paths, look into using 
RFC2307 attributes.


More information about the samba mailing list