[Samba] Wither "uidNumber" and "gidNumber"? (was: Re: ldbedit: no matching records - cannot edit (newly-created user))

Rowland Penny rowlandpenny241155 at gmail.com
Sun Sep 13 14:30:38 UTC 2015


On 13/09/15 14:52, Jim Seymour wrote:
> On Sun, 13 Sep 2015 08:57:19 +0100
> Rowland Penny <rowlandpenny241155 at gmail.com> wrote:
>
>> Previously with samba you could have (and probably needed to have)
>> the user stored in /etc/passwd and wherever you stored the samba
>> users (ldap etc)
>> Now with AD, you *cannot* have a local user on a Unix machine that
>> also exists in AD, the Unix tools just cannot cope with this, i.e.
>> getent will not know which 'user' to show the info for, when
>> setting permissions with chmod which user is the owner - the local
>> one or the one in AD. You just create all the users in AD and
>> forget /etc/passwd to a certain extent.
> [snip]
>> Yes, I think you are. What I meant is that there is nothing,
>> datawise, stored in PAM.
> PAM isn't a data store.  PAM stands for "Pluggable Authentication
> Module".  It is a mechanism whereby user identification and
> authentication is abstracted from underlying data stores.  E.g.:
> passwd, NIS, LDAP, or, in this case, Samba4 AD, I suspect.

Is that my granny I see coming, I think I will show her how to suck eggs :-D

>
> Unless the user's credentials and other information are available via
> the Samba4 AD: Removing the user from the native Unix passwd (and
> related) files would render the user unable to log in under Unix.

Guess what the RFC2307 attributes are for, yes, you've got it, they are 
used for the user's Unix info stored in AD. I am typing this on a laptop 
running Linux Mint 17, my login name is *not* in /etc/passwd, but I can 
log in and if I run 'getent passwd rowland', I get this:

rowland:*:10000:10000::/home/rowland:/bin/bash

If I run: cat /etc/passwd | grep 'rowland'

I get nothing

So where is all that info coming from?

Rowland

>
> Regards,
> Jim
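
Added example (not part of the original message and not Samba's own code): a shell check of the point made above, that a user can resolve through NSS without being in /etc/passwd, together with the name and UID collisions the thread warns about. The NSS service name `winbind`, the function names and the sample passwd lines are assumptions; only the `rowland` entry is taken from the message.

```shell
#!/bin/sh
# Where does a passwd entry come from, and does it clash with a local account?

# Print the line for user $1 from passwd-format file $2 (exact match on field 1,
# so "rowland" does not also match "rowlandson").
local_entry() {
    awk -F: -v u="$1" '$1 == u { print; exit }' "$2"
}

# classify NAME LOCAL_FILE DIRECTORY_ENTRY -> local | directory | collision | unknown
classify() {
    loc=$(local_entry "$1" "$2")
    if [ -n "$loc" ] && [ -n "$3" ]; then echo collision
    elif [ -n "$loc" ]; then echo local
    elif [ -n "$3" ]; then echo directory
    else echo unknown
    fi
}

# uid_clash LOCAL_FILE DIRECTORY_ENTRY -> local account names that share the
# directory entry's UID under a different name (file ownership becomes ambiguous).
uid_clash() {
    [ -n "$2" ] || return 0
    dname=${2%%:*}
    duid=$(echo "$2" | cut -d: -f3)
    awk -F: -v n="$dname" -v u="$duid" '$3 == u && $1 != n { print $1 }' "$1"
}

# Live check. Assumption: AD users are served by an NSS service named "winbind"
# (pass "sss" for sssd); getent -s restricts the lookup to that one service.
check_user() {
    classify "$1" /etc/passwd "$(getent -s "${2:-winbind}" passwd "$1")"
}

# Constructed demo data: an unrelated local "rowlandson" and a local service
# account that reuses UID 10000. AD_ENTRY is the getent line from the message.
demo=$(mktemp)
trap 'rm -f "$demo"' EXIT
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'rowlandson:x:1001:1001::/home/rowlandson:/bin/bash' \
    'backup:x:10000:10000::/var/backup:/bin/sh' > "$demo"
AD_ENTRY='rowland:*:10000:10000::/home/rowland:/bin/bash'
classify rowland "$demo" "$AD_ENTRY"
uid_clash "$demo" "$AD_ENTRY"
```

On a domain member, `check_user rowland` runs the same classification against the real /etc/passwd and the directory service.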



