[Samba] WINBIND: UID and GID false mappings on domain member

[rawi]

> Just provisioning with --rfc2307 isn't enough, you personally need to 
> add any required RFC2307 attributes.

But you see my test user has his attributes. From samba-tool. Do you mean
the basic objects, the templates for the user and group? If yes, how to do
it?


> Can I suggest you put dnsupdate back and then setup bind9 on the DC 
> correctly.

I will...


> You must be using an old version of samba-tool, it doesn't do that now.

Version 4.3.9 from the last fresh ubuntu LTS.
And I asked on FreeNode, they would not upgrade to the 4.4. branch if 4.3
hasn't bugs...


> No they are not: 
> 
> dn: CN=test,CN=Users,DC=humgen,DC=0zone 
> ...... 
> primaryGroupID: 513 

Oh, I hoped winbind would give me:
uidNumber: 9439 
gidNumber: 5001
... from the posix attributes


> This makes the users primary group 'Domain Users' and as such, the 
> primary group must have a gidNumber, or all your users will be ignored 
> by winbind. Do not think of changing the users primaryGroupID, windows 
> expects all users to be members of 'Domain Users' 

I'll remember this
How would behave a group mapping of "domain users" on my group 5001
(hg_allg) ?


> No, just that you have set up Samba incorrectly, you are trying to use 
> AD like you used your old NT4-style domain. 
> 
> Can I suggest that you go and read the Samba wiki:

OK, I'll set dnsupdate back and all the rest new.
I tryed to find my way around the problem with the data's posix rights.

Would be sssd a better fit for this?

Can you think of a work around, to transfer the current data with the old
unix UID/GID, so that the users will see it the same?
How should I define the new created users for this?

Thank you Rowland!




--
View this message in context: http://samba.2283325.n4.nabble.com/WINBIND-UID-and-GID-false-mappings-on-domain-member-tp4706553p4706568.html
Sent from the Samba - General mailing list archive at Nabble.com.