[Samba] Wither "uidNumber" and "gidNumber"? (was: Re: ldbedit: no matching records - cannot edit (newly-created user))

Jim Seymour jseymour at LinxNet.com
Sat Sep 12 23:45:48 UTC 2015

On Sat, 12 Sep 2015 21:51:54 +0100
Rowland Penny <rowlandpenny241155 at gmail.com> wrote:

> On 12/09/15 21:30, Jim Seymour wrote:
> > On Sat, 12 Sep 2015 13:13:11 -0600
> > Nigel W <nigel.w at nosun.ca> wrote:
> >
> > [snip]
> >> You create the users on the directory with the same uid and
> >> uidNumber as the local users and then remove local users on the
> >> systems.  Same applies to the groups.
> > [snip]
> >
> > Why would I want to remove the local users and groups?  You mean
> > from /etc/passwd, /etc/group, /etc/shadow, NIS or whatever?
> You cannot have a local user and an AD user with the same name,
> this also goes for groups. Apart from possibly a few admin users,
> *all* your users & groups need to be in AD.

It just occurred to me: He was referring to "local user" in the
context of a (MS-Win) client machine, right?  Not "local user" as in
user with *nix account on the server.

> >
> > Or... did the Samba4 provisioning throw entries into PAM?  So now
> > Samba4's ldap data replaces it?
> Nothing in PAM, all in AD :-)

$ cat /etc/pam.d/samba
@include common-auth
@include common-account
@include common-session-noninteractive


Excerpt: "pam_winbind is a PAM module that can authenticate users
against the local domain by talking to the Winbind daemon."


Anyway, I think we may be getting off the (immediate) path.  (And
perhaps talking about different things.)

Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.

More information about the samba mailing list