[Samba] Member server - winbind unable to resolve users/groups

Rowland Penny rowlandpenny at googlemail.com
Sun Apr 5 07:31:07 MDT 2015

On 05/04/15 13:56, Luca Olivetti wrote:
> El 05/04/15 a les 14:25, Rowland Penny ha escrit:
>> Well yes, but I wanted to show the OP the relation between what the
>> uidNumber attribute holds and the range set in smb.conf. If what I
>> propose works (and I sure it will), I would have then advised the OP to
>> reset Domain Users back to 513, but I would also have pointed out that
>> you now cannot have *ANY* local users or groups!
> Why not? 1-499 can still be local groups, as can be gids > 50000
>> I would also have pointed out that the lowest uid on Debian/Ubuntu, that
>> is not a system user, is 1000, so using the range '500-50000' is not a
>> good idea.
> It is if you already have users with those uids. Not everybody can start
> fresh. When I started using linux and samba many years ago, the
> distribution I used had 500 as the lowest uid (e.g. my uid is 500) and
> it's not practical to change the ownership of the more than 3 millions
> files I have.
> Bye

OK, so you have users that start at '500', these will undoubtedly be 
local Unix users not AD users, unless you have migrated these users to 
AD, in which case you would have had to remove the local Unix users.

If you will never need any local Unix users (and what happens if the 
domain connection goes down ?) then you could start the AD users at 
where the local Unix users are supposed to start (debian 1000, older 
red-hat 500, newer red-hat 1000), but this is if you *only* have Unix 
system users on the computer.

I cannot recommend this type of setup, there is no reason to have such a 
setup and if you do have such a setup, then my recommendation is to 
retire and let somebody else sort out your mess.


More information about the samba mailing list