[Samba] Member server - winbind unable to resolve users/groups

Luca Olivetti luca at wetron.es
Sun Apr 5 08:09:05 MDT 2015

El 05/04/15 a les 15:31, Rowland Penny ha escrit:

> OK, so you have users that start at '500', these will undoubtedly be
> local Unix users not AD users, unless you have migrated these users to
> AD, in which case you would have had to remove the local Unix users.

Uh? They're users, currently in ldap and after that in AD, and they will
maintain the same uids/gids. I would be pretty angry if they didn't,
since it would screw up file ownership

> If you will never need any local Unix users (and what happens if the
> domain connection goes down ?) 

Isn't winbind supposed to cache that?

> then you could start the AD users at
> where the local Unix users are supposed to start (debian 1000, older
> red-hat 500, newer red-hat 1000), but this is if you *only* have Unix
> system users on the computer.

Nonsense. I can simply use uids/gids outside the range for local users.

> I cannot recommend this type of setup, there is no reason to have such a
> setup and if you do have such a setup, then my recommendation is to
> retire and let somebody else sort out your mess.

This is not a "mess". This was best-practice in its day (some of us have
been using Linux when it was still not fashionable to do so) and it
still works fine. There is no reason to change what's working fine only
to follow your recommendation. Otherwise there would be no reason to
make the range configurable: it is in order to adapt to one's environment.

Luca Olivetti
Wetron Automation Technology http://www.wetron.es
Tel. +34 935883004  Fax +34 935883007

More information about the samba mailing list