[Samba] Shares not accessible when using FQDN

Rowland Penny rpenny at samba.org
Wed Aug 30 09:56:46 UTC 2017

On Wed, 30 Aug 2017 11:25:04 +0200 (CEST)
Gaetan SLONGO <gslongo at it-optics.com> wrote:

> Rowland, 
> Yes, I mean uidNumber and gidNumber. 
> I'm aware I need to work with AD but at this time I need my unix IDs
> (on NSS) to keep services working. Not only for files ownership, but
> also for some other services. Yeah, that's complex... If I undestand
> well, the best way to do is to join the server using "net ads join"
> and use nss_winbind. This what I do but I only use the NSS LDAP
> backend instead of NSS (to keep correct ownership). This will be
> cleaned in the future (within next migration steps) but for now I
> think I have no other choice beacause it seems I cannot obtain unix
> IDs through Winbind on a domain member (or maybe I missed the
> solution??). 

If you have users in AD and if you examine a typical users object in AD
and have something like this:

uidNumber: 10000

Then yes, I would say that you have missed the solution, this is from a
Unix domain member using the winbind 'ad' backend:

getent passwd rowland
rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
Notice this |

I wonder where that comes from ?
Oh I know 'uidNumber: 10000' ;-)

I think your problem may be a very common one, the 'Domain Users' group
in AD hasn't got a gidNumber attribute, if it has, then you haven't set
smb.conf up correctly, in which case post your smb.conf


More information about the samba mailing list