[Samba] Samba AD: gidNumber?
Rowland Penny
rowlandpenny241155 at gmail.com
Mon Oct 26 22:03:31 UTC 2015
On 26/10/15 21:38, Viktor Trojanovic wrote:
> I joined a Samba AD member server (file server) to a Samba AD DC. This
> seems to have worked. However, if I try to access the file server from
> the domain administrator account on a Windows client, I am asked to
> provide authorization details. Since I have no other privileged users,
> I am using the domain admin credentials but they're not accepted.
>
> I'm not sure exactly where to look but I think the problem could be
> connected to the following: On my member server, the getent command
> does not yield any results. As per the recommendations on the "Samba
> Member Server Troubleshooting" page, I checked on the DC if the group
> Domain Users has a gidNumber. Well, it doesn't. Neither do my users
> have uidNumbers though this, allegedly, is not such an issue.
Yes it is, there is no point in adding a gidNumber to Domain Users if
you are not going to give your Users a uidNumber.
As far as how to add uidNumbers and gidNumbers, well firstly, do you
need to? if your users are never going to actually log into the member
server and this is your only Unix machine, you could use the winbind
'rid' backend, this will create the ID numbers on the fly.
If you have more than one member server, or Unix clients or want your
users to log into the member server, you will probably be better off
using the winbind 'ad' backend. To do this you will need to give your
users a unique uidNumber and Domain Users (at least) a gidNumber. You
can do this by using the ADUC UNIX Attributes tab, by writing your own
script using an ldif, or by using something like the LDAP Account
Manager (LAM).
Rowland
>
> To solve it, all it says is to "add a gidNumber to Domain Users".
>
> How do I do that?
>
More information about the samba
mailing list