[Samba] Member server - winbind unable to resolve users/groups
Rowland Penny
rowlandpenny at googlemail.com
Sun Apr 5 07:31:07 MDT 2015
On 05/04/15 13:56, Luca Olivetti wrote:
> El 05/04/15 a les 14:25, Rowland Penny ha escrit:
>
>> Well yes, but I wanted to show the OP the relation between what the
>> uidNumber attribute holds and the range set in smb.conf. If what I
>> propose works (and I sure it will), I would have then advised the OP to
>> reset Domain Users back to 513, but I would also have pointed out that
>> you now cannot have *ANY* local users or groups!
> Why not? 1-499 can still be local groups, as can be gids > 50000
>
>> I would also have pointed out that the lowest uid on Debian/Ubuntu, that
>> is not a system user, is 1000, so using the range '500-50000' is not a
>> good idea.
> It is if you already have users with those uids. Not everybody can start
> fresh. When I started using linux and samba many years ago, the
> distribution I used had 500 as the lowest uid (e.g. my uid is 500) and
> it's not practical to change the ownership of the more than 3 millions
> files I have.
>
> Bye
OK, so you have users that start at '500', these will undoubtedly be
local Unix users not AD users, unless you have migrated these users to
AD, in which case you would have had to remove the local Unix users.
If you will never need any local Unix users (and what happens if the
domain connection goes down ?) then you could start the AD users at
where the local Unix users are supposed to start (debian 1000, older
red-hat 500, newer red-hat 1000), but this is if you *only* have Unix
system users on the computer.
I cannot recommend this type of setup, there is no reason to have such a
setup and if you do have such a setup, then my recommendation is to
retire and let somebody else sort out your mess.
Rowland
More information about the samba
mailing list