[Samba] winbind bug?

Doug Tucker tuckerd at lyle.smu.edu
Fri Mar 28 08:01:23 MDT 2014

Appreciate everyone's help on this. Much thanks to Rowland and 
Jonathan.  I had not installed a "new" instance since 2008 it turns out 
(and I've probably logged into this instance 5 times the whole time it 
has been up), and this major shift really bit me.  Or rather, the fact 
that the darn thing just simply worked when apparently it shouldn't have 
bit me.  I read the man pages in the security/domain section again and I 
may be blind (or not understanding the terminology again) but I still 
don't see where it says to do this though I accept the knowledge of this 
group that it is fact.  After going through this...wow... I think right 
there in every document ever written there should be a disclaimer in all 
caps and in bold where if you set security to be ads, YOU MUST PUT YOUR 
UNIX ATTRIBUTES IN THE AD.  That would have saved me an entire week.  
Again, thanks to all!


Doug Tucker

On 03/28/2014 07:37 AM, steve wrote:
> On Thu, 2014-03-27 at 20:22 +0000, Rowland Penny wrote:
>> Do you have access to the Windows server ? if you do, give all your
>> users and groups the required RFC2307 attributes. You can do this using
>> ADUC provided that it is showing the UNIX Attributes tab for users &
>> groups. You can then pull these attributes with winbind, nlscd or sssd
>> on the linux machine, your problem will then go away.
> +1
> As already suggested, this would solve all your problems, forever. Your
> windows admin simply needs to extend the schema:
> http://www.microsoft.com/en-us/download/details.aspx?id=8260
> Cheers,
> Steve

More information about the samba mailing list