[Samba] How to join join Ubuntu desktop to AD

[Rowland Penny]

On Fri, 9 Dec 2016 17:54:29 +0000
Kevin Davidson via samba <samba at lists.samba.org> wrote:

> 
> > On 9 Dec 2016, at 15:55, Rowland Penny via samba
> > <samba at lists.samba.org> wrote:
> > 
> > On Fri, 9 Dec 2016 15:23:24 +0000
> > Kevin Davidson via samba <samba at lists.samba.org> wrote:
> > 
> >> 
> >>> On 9 Dec 2016, at 14:26, lingpanda101 via samba
> >>> <samba at lists.samba.org> wrote:
> >>> 
> >>> Still no luck getting getent to retrieve user information. I have
> >>> uid's and gid's setup for all users I am attempting to query.
> >> 
> >> 
> >> But did you give Domain Users a gid? If you don’t do that, winbind
> >> and getent will not find any UNIX users (doesn’t matter if the
> >> users have a uid and gid within the range you’ve specified in
> >> smb.conf). It’s been a while since I had this problem - my memory
> >> is it’s not clearly mentioned in the wiki at all.
> >> 
> > 
> > It is mentioned on the wiki, to be precise here:
> > 
> > https://wiki.samba.org/index.php/Idmap_config_ad#Prerequisites
> > 
> > Do you think it needs more emphasis ?
> 
> I think I’d move it further up the list to be the first thing listed.
> As all the other requirements seem obvious to a UNIX admin (UNIX
> users must have a shell, homedir, uid and gid) it’s easy to miss this
> one non-obvious requirement that a group that is meaningless to UNIX
> admins also needs to be changed. There’s also no warning there that
> the primary group of users should be left as “Domain Users” and not
> changed to match what the UNIX admin regards as that user’s primary
> group. I think I’d expect UNIX admins to be reading that section and
> they may have little, no or wrong knowledge of AD and AD builtin
> groups.
> 
> 

I have altered the wiki page:

https://wiki.samba.org/index.php/Idmap_config_ad

Hopefully it is a bit more obvious now ;-)

Rowland