[Samba] Samba domain member and rfc2307 user IDs
Rowland penny
rpenny at samba.org
Fri Jul 29 08:13:53 UTC 2016
On 29/07/16 00:09, Kevin Davidson wrote:
> So Louis has released his new deb packages of Samba 4.4.5. I’ve installed them (not entirely smoothly as apt-get still wanted to install winbind 4.2.10 and then failed on all the dependencies)
>
> root at terra:~# apt-cache policy samba
> samba:
> Installed: 2:4.4.5+dfsg-2~bpo8+1
> Candidate: 2:4.4.5+dfsg-2~bpo8+1
> Version table:
> *** 2:4.4.5+dfsg-2~bpo8+1 0
> 500 file:/var/www/html/debian/ jessie/ Packages
> 100 /var/lib/dpkg/status
> 2:4.2.10+dfsg-0+deb8u3 0
> 500 http://security.debian.org/ jessie/updates/main amd64 Packages
> 2:4.1.17+dfsg-2+deb8u2 0
> 500 http://ftp.uk.debian.org/debian/ jessie/main amd64 Packages
> root at terra:~# apt-cache policy winbind
> winbind:
> Installed: (none)
> Candidate: 2:4.2.10+dfsg-0+deb8u3
> Version table:
> 2:4.2.10+dfsg-0+deb8u3 0
> 500 http://security.debian.org/ jessie/updates/main amd64 Packages
> 100 /var/lib/dpkg/status
> 2:4.1.17+dfsg-2+deb8u2 0
> 500 http://ftp.uk.debian.org/debian/ jessie/main amd64 Packages
>
> And I’m still seeing the exact same behaviour. wbinfo -u shows all AD users, wbinfo -g shows all the groups. getent group lists local groups and the ones I’ve added RFC2307 GID data for. getent passwd lists only local users. Nobody can access file shares.
>
>
You don't mention adding a uidNumber attribute to the users, have you
done this ?
To get the winbind 'ad' backend to work on a domain member, you need to
give each AD user a unique uidNumber attribute, you must also give
Domain Users a gidNumber attribute.
if you want 'getent passwd' & 'getent group' to work, you need to add:
winbind enum users = yes
winbind enum groups = yes
to smb.conf
Rowland
More information about the samba
mailing list