[Samba] How to join join Ubuntu desktop to AD

Kevin Davidson kevin at indigospring.co.uk
Fri Dec 9 17:54:29 UTC 2016 

> On 9 Dec 2016, at 15:55, Rowland Penny via samba <samba at lists.samba.org> wrote:
> 
> On Fri, 9 Dec 2016 15:23:24 +0000
> Kevin Davidson via samba <samba at lists.samba.org> wrote:
> 
>> 
>>> On 9 Dec 2016, at 14:26, lingpanda101 via samba
>>> <samba at lists.samba.org> wrote:
>>> 
>>> Still no luck getting getent to retrieve user information. I have
>>> uid's and gid's setup for all users I am attempting to query.
>> 
>> 
>> But did you give Domain Users a gid? If you don’t do that, winbind
>> and getent will not find any UNIX users (doesn’t matter if the users
>> have a uid and gid within the range you’ve specified in smb.conf).
>> It’s been a while since I had this problem - my memory is it’s not
>> clearly mentioned in the wiki at all.
>> 
> 
> It is mentioned on the wiki, to be precise here:
> 
> https://wiki.samba.org/index.php/Idmap_config_ad#Prerequisites
> 
> Do you think it needs more emphasis ?

I think I’d move it further up the list to be the first thing listed. As all the other requirements seem obvious to a UNIX admin (UNIX users must have a shell, homedir, uid and gid) it’s easy to miss this one non-obvious requirement that a group that is meaningless to UNIX admins also needs to be changed. There’s also no warning there that the primary group of users should be left as “Domain Users” and not changed to match what the UNIX admin regards as that user’s primary group. I think I’d expect UNIX admins to be reading that section and they may have little, no or wrong knowledge of AD and AD builtin groups.


Kevin Davidson
Apple Certified System Administrator
Technical Director

t 01506 668674
m 07813 149620
w www.indigospring.co.uk

indigospring (Scotland) Ltd
Registered in Scotland No. SC398572
Registered office: 103 Oldwood Place, Livingston EH54 6US

Follow us on Twitter - twitter.com/indigospringIT <http://twitter.com/indigospringIT>
Members of the Apple Consultants Network - consultants.apple.com/uk <http://consultants.apple.com/uk>

http://www.indigospring.co.uk/terms-and-conditions

More information about the samba mailing list