[Samba] Back with my UID problems

Brett Wynkoop wynkoop+samba at wynn.com
Thu Feb 26 15:24:58 MST 2015

On Wed, 25 Feb 2015 19:48:07 +0000
Rowland Penny <rowlandpenny at googlemail.com> wrote:

> OK, you would appear to be running samba4 in AD mode, i.e. you 
> provisioned it.
> You have now tried to add things to your smb.conf to make it work
> like samba3, this will not work! Put your smb.conf back to what it
> was like just after the provision and then go and read the samba
> wiki : https://wiki.samba.org/index.php/Main_Page and search the
> internet on how to run an Active Directory domain. This will probably
> entail adding 'uidNumber' attributes to your AD users and 'gidNumber'
> attributes to some of your AD groups.
> As for creating users & groups, samba 4 comes with 'samba-tool' for
> more info on this, run 'samba-tool --help' or 'samba-tool user add
> --help', you can also run 'man samba-tool'
> Rowland

The config file produced by samba-tool produced a server that would
allow no connections.  Here is the samba-tool produced config:

root at prd2:/usr/local/etc # cat smb4.conf.initial
# Global parameters
        workgroup = WYNN
        realm = WYNN.COM
        netbios name = PRD2
        server role = active directory domain controller
        dns forwarder =
        idmap_ldb:use rfc2307 = yes

        path = /var/db/samba4/sysvol/wynn.com/scripts
        read only = No

        path = /var/db/samba4/sysvol
        read only = No

This is not the first time you have said "read the documentation".  I
have 30 years as a Unix admin and have been reading and writing
documentation for as long.  I will point out that the first time I came
to this group with this issue I had spent 3 weeks reading everything I
could find on the web to find a solution.  This included the official
docs as well as any other source that seemed to have any information.

Now after a couple of months away from the project because of other
matters that were more pressing at the time I have returned to the
problem.  I did the same due diligence before I made my most recent
request for help.  It is most refreshing to get the answer RTFM yet
again.  Thank you for all your help.



wynkoop at wynn.com               http://prd4.wynn.com/wynkoop/pgp-keys.txt

Amendment III

No soldier shall, in time of peace be quartered in any house, without
the consent of the owner, nor in time of war, but in a manner to be
prescribed by law.

More information about the samba mailing list