[Samba] winbind bug?

Rowland Penny rowlandpenny at googlemail.com
Thu Mar 27 14:22:07 MDT 2014

On 27/03/14 20:07, Doug Tucker wrote:
> I am certain that this is all down to the non standard way you are 
> using samba and AD, you have a user ID in /etc/passwd and I 'think' 
> that winbind is giving your user a different one.
> Can you elaborate on this?  Maybe I'm not understanding what you mean 
> by "winbind giving your user a different one".  When this user maps, 
> his proper unix id shows up in the logs.  Is that what you mean?
>> as far as I am concerned, you came up with your non-standard way of 
>> doing things and do not want to listen to advice from anybody, so you 
>> fix it!!!
>> Rowland
> Rowland, I'm not trying to make you mad.  I have listened to advice.  
> I have made changes to a running server on the fly even at times I 
> didn't understand why or thought it wouldn't make a difference.  My 
> conf file looks different than it did 2 hours ago based on people's 
> advice.
> I don't know what I'm doing "non standard".  Most of the configuration 
> I got from the samba wiki how to: 
> https://wiki.samba.org/index.php/Samba_&_Active_Directory and from a 
> centos how to I found.  I have a samba 3.033 box set up this same 
> way.  I have the users with trouble mapping to it for now and they 
> work.  I didn't come up with anything on my own, just from the 
> community how to's.
Do you have access to the Windows server ? if you do, give all your 
users and groups the required RFC2307 attributes. You can do this using 
ADUC provided that it is showing the UNIX Attributes tab for users & 
groups. You can then pull these attributes with winbind, nlscd or sssd 
on the linux machine, your problem will then go away.

If you don't have access to the windows server, get your windows admin 
to do it for you.

This way of doing things is the standard windows way of doing things and 
has been for years, your way (as far as I can see) has never been 
standard, unless you can point me at just where it is published.

The only other thing to say is, you should never try something new on a 
server running in production, you should do it on a test network, even 
if it means using VM's.


More information about the samba mailing list