[Samba] Wither "uidNumber" and "gidNumber"? (was: Re: ldbedit: no matching records - cannot edit (newly-created user))

Jim Seymour jseymour at LinxNet.com
Sun Sep 13 13:52:35 UTC 2015

On Sun, 13 Sep 2015 08:57:19 +0100
Rowland Penny <rowlandpenny241155 at gmail.com> wrote:

> Previously with samba you could have (and probably needed to have)
> the user stored in /etc/passwd and where ever you stored the samba
> users (ldap etc)
> Now with AD, you *cannot* have a local user on a Unix machine that
> also exists in AD, the Unix tools just cannot cope with this, i.e.
> getent will not know which 'user' to show the info for, when
> setting permissions with chmod which user is the owner - the local
> one or the one in AD. You just create all the users in AD and
> forget /etc/passwd to a certain extent.
> Yes, I think you are, What I meant is that there is nothing,
> datawise, stored in PAM.

PAM isn't a data store.  PAM stands for "Pluggable Authentication
Module".  It is a mechanism whereby user identification and
authentication is abstracted from underlying data stores.  E.g.:
passwd, NIS, LDAP, or, in this case, Samba4 AD, I suspect.

Unless the user's credentials and other information are available via
the Samba4 AD: Removing the user from the native Unix passwd (and
related) files would render the user unable to log in under Unix.

Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.

More information about the samba mailing list