[Samba] Samba AD: gidNumber?

Rowland Penny rowlandpenny241155 at gmail.com
Mon Oct 26 22:03:31 UTC 2015


On 26/10/15 21:38, Viktor Trojanovic wrote:
> I joined a Samba AD member server (file server) to a Samba AD DC. This 
> seems to have worked. However, if I try to access the file server from 
> the domain administrator account on a Windows client, I am asked to 
> provide authorization details. Since I have no other privileged users, 
> I am using the domain admin credentials but they're not accepted.
>
> I'm not sure exactly where to look but I think the problem could be 
> connected to the following: On my member server, the getent command 
> does not yield any results. As per the recommendations on the "Samba 
> Member Server Troubleshooting" page, I checked on the DC if the group 
> Domain Users has a gidNumber. Well, it doesn't. Neither do my users 
> have uidNumbers though this, allegedly, is not such an issue.

Yes it is; there is no point in adding a gidNumber to Domain Users if 
you are not going to give your Users a uidNumber.

As far as how to add uidNumbers and gidNumbers, well firstly, do you 
need to? If your users are never going to actually log into the member 
server and this is your only Unix machine, you could use the winbind 
'rid' backend; this will create the ID numbers on the fly.
If you have more than one member server, or Unix clients or want your 
users to log into the member server, you will probably be better off 
using the winbind 'ad' backend. To do this you will need to give your 
users a unique uidNumber and Domain Users (at least) a gidNumber. You 
can do this by using the ADUC UNIX Attributes tab, by writing your own 
script using an ldif, or by using something like the LDAP Account 
Manager (LAM).

Rowland
>
> To solve it, all it says is to "add a gidNumber to Domain Users".
>
> How do I do that?
>
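
One way to write the "own script using an ldif" mentioned in the reply, as an added example that is not part of the original thread: it builds LDIF modify records that give Domain Users a gidNumber and each listed user a unique uidNumber, without renumbering accounts that already have an ID. The base DN, the account names and the 10000-999999 range are constructed placeholders; the range is assumed to match the idmap range configured for the domain on the member server.

```python
"""Generate LDIF adding uidNumber/gidNumber for the winbind 'ad' backend."""

BASE_DN = "CN=Users,DC=samdom,DC=example,DC=com"  # assumed domain, placeholder
ID_RANGE = (10000, 999999)  # assumed: same range as the member's idmap config


def next_free(used):
    """Return the lowest ID inside ID_RANGE that is not already in use."""
    n = ID_RANGE[0]
    while n in used:
        n += 1
    if n > ID_RANGE[1]:
        raise ValueError("ID range exhausted")
    return n


def modify_record(cn, attr, value):
    """One LDIF 'modify' record that adds a single attribute to CN=<cn>."""
    return (f"dn: CN={cn},{BASE_DN}\nchangetype: modify\n"
            f"add: {attr}\n{attr}: {value}\n-\n")


def build_ldif(users, group="Domain Users", existing=None):
    """users: CNs of accounts that lack a uidNumber.
    existing: {cn: id} for objects that already carry an ID in the directory.
    Returns (ldif_text, assigned) where assigned maps cn -> newly chosen ID.
    """
    existing = dict(existing or {})
    used = set(existing.values())
    assigned, records = {}, []

    # Domain Users needs a gidNumber, otherwise the users cannot be resolved.
    if group not in existing:
        assigned[group] = next_free(used)
        used.add(assigned[group])
        records.append(modify_record(group, "gidNumber", assigned[group]))

    for cn in users:
        if cn in existing:  # never renumber: file ownership is tied to the ID
            continue
        assigned[cn] = next_free(used)
        used.add(assigned[cn])
        records.append(modify_record(cn, "uidNumber", assigned[cn]))

    # Records are separated by a blank line, as LDIF requires.
    return "\n".join(records), assigned


if __name__ == "__main__":
    print(build_ldif(["alice", "bob"], existing={"carol": 10001})[0])
```

The resulting file can be loaded on the DC with ldbmodify against the DC's sam.ldb, after which getent on the member should be re-checked.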
