[Samba] idmap weirdness - wildcard values being used instead of rfc2307 AD values

Doug Meredith doug.meredith at skyridge.com
Thu Oct 30 06:46:52 MDT 2014

Hi Rowland,

On Thu, Oct 30, 2014 at 9:31 AM, Rowland Penny <rowlandpenny at googlemail.com>

> On 30/10/14 11:29, Doug Meredith wrote:
>> I've done a lot of research on this and haven't been able to solve the
>> problem.  Hopefully someone here has a better understanding of this than I
>> do.
>> The problem is that the UIDs and GIDs are not being fetched from AD.  For
>> example "getent passwd doug" returns:
>> doug:*:70003:70005:Doug Meredith:/home/DSTRC/doug:/bin/false
>> My full name has correctly been pulled from AD but the UID specified in AD
>> is 20001 and the group is 10000.
> Is the computer joined to the domain? What is the AD DC? Any chance of
> seeing the user's entry in AD? smb.conf appears OK except that what is
> being pulled from AD doesn't seem to include the user's unixHomeDirectory &
> loginShell. I wonder if you are mistaking the 'uid' attribute for the
> 'uidNumber' attribute?

The computer is joined to the domain (the computer account was successfully
created in AD).  The DC is Debian running SerNet Samba 4.1.12.

When I refer to the UID in AD, I mean the value stored on the "UNIX
attributes" tab in ADUC.  I hadn't noticed this until you pointed it out,
but you are right about the home directory and shell.  The values shown by
getent are not the values specified in AD.  That reframes the problem (for
me; seems like you already realized it):  The user's full name (a standard
AD attribute) is being pulled successfully, but *none* of the RFC2307
attributes are being retrieved.  Any thoughts on why this might be, or
things I could try in order to identify the problem?
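
A check for the symptom described in this message, added here as an example and not part of the original post: it parses the `idmap config` lines of an smb.conf and reports which idmap domain's range the IDs returned by getent fall into, next to the values stored in AD. The smb.conf fragment and its ranges are constructed assumptions (the poster's file is not shown), and the function names are hypothetical.

```python
import re

# Constructed smb.conf fragment: the ranges are assumptions, not the poster's file.
SAMPLE_SMB_CONF = """
[global]
    idmap config * : backend = tdb
    idmap config * : range = 70000-79999
    idmap config DSTRC : backend = ad
    idmap config DSTRC : schema_mode = rfc2307
    idmap config DSTRC : range = 10000-29999
"""

# Anchored at line start, so commented-out settings are not picked up.
IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom, {})[opt.lower()] = val
    return domains

def owning_domain(domains, unix_id):
    """Name of the idmap domain whose range contains unix_id, else None."""
    for dom, opts in domains.items():
        if "range" not in opts:
            continue
        low, high = (int(x) for x in re.split(r"\s*-\s*", opts["range"]))
        if low <= unix_id <= high:
            return dom
    return None

def diagnose(conf_text, getent_line, ad_uid, ad_gid):
    """Compare the IDs in a getent passwd line with the values stored in AD."""
    fields = getent_line.strip().split(":")
    domains = parse_idmap(conf_text)
    seen = {"uid": int(fields[2]), "gid": int(fields[3])}
    stored = {"uid": ad_uid, "gid": ad_gid}
    return {k: {"returned": seen[k], "returned_from": owning_domain(domains, seen[k]),
                "in_ad": stored[k], "ad_value_in_range_of": owning_domain(domains, stored[k]),
                "match": seen[k] == stored[k]} for k in seen}

if __name__ == "__main__":
    line = "doug:*:70003:70005:Doug Meredith:/home/DSTRC/doug:/bin/false"
    for kind, info in diagnose(SAMPLE_SMB_CONF, line, 20001, 10000).items():
        print(kind, info)
```

IDs that land in the `*` range were allocated by the default backend rather than read from uidNumber/gidNumber. The ad backend also discards AD values that fall outside the domain's configured range, so both columns are worth checking.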

