[Samba] Samba domain member and rfc2307 user IDs

Rowland penny rpenny at samba.org
Fri Jul 29 08:13:53 UTC 2016


On 29/07/16 00:09, Kevin Davidson wrote:
> So Louis has released his new deb packages of Samba 4.4.5. I’ve installed them (not entirely smoothly as apt-get still wanted to install winbind 4.2.10 and then failed on all the dependencies)
>
> root at terra:~# apt-cache policy samba
> samba:
>    Installed: 2:4.4.5+dfsg-2~bpo8+1
>    Candidate: 2:4.4.5+dfsg-2~bpo8+1
>    Version table:
>   *** 2:4.4.5+dfsg-2~bpo8+1 0
>          500 file:/var/www/html/debian/ jessie/ Packages
>          100 /var/lib/dpkg/status
>       2:4.2.10+dfsg-0+deb8u3 0
>          500 http://security.debian.org/ jessie/updates/main amd64 Packages
>       2:4.1.17+dfsg-2+deb8u2 0
>          500 http://ftp.uk.debian.org/debian/ jessie/main amd64 Packages
> root at terra:~# apt-cache policy winbind
> winbind:
>    Installed: (none)
>    Candidate: 2:4.2.10+dfsg-0+deb8u3
>    Version table:
>       2:4.2.10+dfsg-0+deb8u3 0
>          500 http://security.debian.org/ jessie/updates/main amd64 Packages
>          100 /var/lib/dpkg/status
>       2:4.1.17+dfsg-2+deb8u2 0
>          500 http://ftp.uk.debian.org/debian/ jessie/main amd64 Packages
>
> And I’m still seeing the exact same behaviour. wbinfo -u shows all AD users, wbinfo -g shows all the groups. getent group lists local groups and the ones I’ve added RFC2307 GID data for. getent passwd lists only local users. Nobody can access file shares.
>
>

You don't mention adding a uidNumber attribute to the users, have you 
done this ?

To get the winbind 'ad' backend to work on a domain member, you need to 
give each AD user a unique uidNumber attribute, you must also give 
Domain Users a gidNumber attribute.

if you want 'getent passwd' & 'getent group' to work, you need to add:

winbind enum users = yes
winbind enum groups = yes

to smb.conf

Rowland




More information about the samba mailing list