[Samba] winbind/idmap issue on samba4 member server

?icro MEGAS micromegas at mail333.com
Mon Oct 20 11:28:54 MDT 2014

Oh! I think I did find the error now :-) If I understand "NOW" correctly, I also have to assign a UID to EACH of my AD users in the ADUC tool in the [UNIX Attribute] tab, is that correct? I just tried it out. In the ADUC tool I did choose "testuser3", and on the [UNIX Attribute] tab I activated the NIS domain so it reflects to "MYDOM". Then by default there was UID=10000, I modified that to 11111. After that, on DC1 "getent passwd testuser3" returned the new id 11111 for that user. And when I execute "getent passwd" on my member server, I get that particular testuser displayed correctly with UID=11111. GREAT! :-)

To summarize: I gave testuser3 the UID=11111, which is within the range for the domain MYDOM which is using the ad backend (see my member server smb.conf in the initial posting of this thread). That's why the mapping occurred correctly. The other AD users have an id over 3.000.000, and "no" NIS domain was assigned to their attributes through the ADUC tool yet. That's why the mapping CANNOT occur.

Is that correct, just to be sure that I did understand how it works?

As a conclusion ==> I have to edit EVERY single user in my AD and activate [UNIX Attribute] --> NIS DOMAIN: MYDOM and assign a unique ID to it?


I have done everything according to https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC and afterwards with the ADUC tool I assigned GID=10000 to the AD group "Domain Users". As you have seen in my initial posting, the setting was reflected to my AD users. I did not touch any setting in the [UNIX Attribute] tab for my users though...
