[Samba] AD Group lost from Winbind

Rowland penny rpenny at samba.org
Fri Feb 12 09:05:21 UTC 2016


On 12/02/16 08:36, L.P.H. van Belle wrote:
> Ok, possible solution.
>
> TEST DC1. Wrong
> id admin
> uid=10000(admin) gid=10000(domain users) groups=10000(domain users), 3000008(domain admins),3000005(denied rodc password replication group),3000009(BUILTIN\users),3000000(BUILTIN\administrators)
>
>
> TEST DC2. Correct.
> id admin
> uid=10000(DOMAIN\admin) gid=10000(DOMAIN \Domain Users) groups=10000(DOMAIN \Domain Users),10001(DOMAIN \Domain Admins)
>
>
> and , after config change DC1.
>
> id admin
> uid=10000(DOMAIN \admin) gid=10000(DOMAIN \Domain Users) groups=10000(DOMAIN \Domain Users), 10001(DOMAIN \Domain Admins)
>
> Pfeww.. my weekend is saved..  :-)
>
> The fix for me :
>
> I only changed this on the DC's
>
> #       server services = -dns
>          server services = -dns -winbindd +winbind
>
> so its something in the winbindd code.

Possibly, but then again it could be something in the code that links 
winbindd to samba :-)

I wouldn't rely on 'winbind', it could (and probably will) be removed at 
any time.

What is supposed to work with 'winbindd' is that uidNumbers & gidNumbers 
will be used instead of xidNumbers, anything else you had working was a 
bonus (and something that never worked for me). If, with 4.3.x, only 
xidNumbers are being used, then this is very probably a bug.

Rowland

>
>
>
> Greetz,
>
> Louis
>
>
>
>




More information about the samba mailing list