[Samba] How to join join Ubuntu desktop to AD

Kevin Davidson kevin at indigospring.co.uk
Sat Dec 10 08:36:11 UTC 2016 


> On 9 Dec 2016, at 19:07, Rowland Penny via samba <samba at lists.samba.org> wrote:
> 
> On Fri, 9 Dec 2016 17:54:29 +0000
> Kevin Davidson via samba <samba at lists.samba.org> wrote:
> 
>> 
>>> On 9 Dec 2016, at 15:55, Rowland Penny via samba
>>> <samba at lists.samba.org> wrote:
>>> 
>>> On Fri, 9 Dec 2016 15:23:24 +0000
>>> Kevin Davidson via samba <samba at lists.samba.org> wrote:
>>> 
>>>> 
>>>>> On 9 Dec 2016, at 14:26, lingpanda101 via samba
>>>>> <samba at lists.samba.org> wrote:
>>>>> 
>>>>> Still no luck getting getent to retrieve user information. I have
>>>>> uid's and gid's setup for all users I am attempting to query.
>>>> 
>>>> 
>>>> But did you give Domain Users a gid? If you don’t do that, winbind
>>>> and getent will not find any UNIX users (doesn’t matter if the
>>>> users have a uid and gid within the range you’ve specified in
>>>> smb.conf). It’s been a while since I had this problem - my memory
>>>> is it’s not clearly mentioned in the wiki at all.
>>>> 
>>> 
>>> It is mentioned on the wiki, to be precise here:
>>> 
>>> https://wiki.samba.org/index.php/Idmap_config_ad#Prerequisites
>>> 
>>> Do you think it needs more emphasis ?
>> 
>> I think I’d move it further up the list to be the first thing listed.
>> As all the other requirements seem obvious to a UNIX admin (UNIX
>> users must have a shell, homedir, uid and gid) it’s easy to miss this
>> one non-obvious requirement that a group that is meaningless to UNIX
>> admins also needs to be changed. There’s also no warning there that
>> the primary group of users should be left as “Domain Users” and not
>> changed to match what the UNIX admin regards as that user’s primary
>> group. I think I’d expect UNIX admins to be reading that section and
>> they may have little, no or wrong knowledge of AD and AD builtin
>> groups.
>> 
>> 
> 
> I have altered the wiki page:
> 
> https://wiki.samba.org/index.php/Idmap_config_ad
> 
> Hopefully it is a bit more obvious now ;-)
> 
> Rowland

!!!!! Yes, that's a little harder to miss now !!!!!

Sent from my iPhone

-- 
Kevin Davidson
Apple Certified System Administrator
Technical Director

t 01506 668674
m 07813 149620
w www.indigospring.co.uk

indigospring (Scotland) Ltd
Registered in Scotland No. SC398572
Registered office: 103 Oldwood Place, Livingston EH54 6US

Follow us on Twitter - twitter.com/indigospringIT
Members of the Apple Consultants Network - consultants.apple.com/uk

http://www.indigospring.co.uk/terms-and-conditions

More information about the samba mailing list