[Samba] Member server - winbind unable to resolve users/groups

buhorojo buhorojo.lcb at gmail.com
Sun Apr 5 08:25:34 MDT 2015


On 05/04/15 15:31, Rowland Penny wrote:
> On 05/04/15 13:56, Luca Olivetti wrote:
>> El 05/04/15 a les 14:25, Rowland Penny ha escrit:
>>
>>> Well yes, but I wanted to show the OP the relation between what the
>>> uidNumber attribute holds and the range set in smb.conf. If what I
>>> propose works (and I sure it will), I would have then advised the OP to
>>> reset Domain Users back to 513, but I would also have pointed out that
>>> you now cannot have *ANY* local users or groups!
>> Why not? 1-499 can still be local groups, as can be gids > 50000
>>
>>> I would also have pointed out that the lowest uid on Debian/Ubuntu, 
>>> that
>>> is not a system user, is 1000, so using the range '500-50000' is not a
>>> good idea.
>> It is if you already have users with those uids. Not everybody can start
>> fresh. When I started using linux and samba many years ago, the
>> distribution I used had 500 as the lowest uid (e.g. my uid is 500) and
>> it's not practical to change the ownership of the more than 3 millions
>> files I have.
>>
>> Bye
>
> OK, so you have users that start at '500', these will undoubtedly be 
> local Unix users not AD users, unless you have migrated these users to 
> AD, in which case you would have had to remove the local Unix users.
>
> If you will never need any local Unix users (and what happens if the 
> domain connection goes down ?) then you could start the AD users at 
> where the local Unix users are supposed to start (debian 1000, older 
> red-hat 500, newer red-hat 1000), but this is if you *only* have Unix 
> system users on the computer.
>
> I cannot recommend this type of setup, there is no reason to have such 
> a setup and if you do have such a setup, then my recommendation is to 
> retire and let somebody else sort out your mess.
>
> Rowland
>
>
I'd recommend you start you own list. For hobbyists only.


More information about the samba mailing list