[Samba] ADS domain member: winbind fails [SOLVED]

Stefan G. Weichinger lists at xunil.at
Sun Jan 1 12:45:11 UTC 2017

Am 2017-01-01 um 13:29 schrieb Rowland Penny via samba:

> Try checking in AD, as you have classicupgraded, your users should have
> uidNumber attributes. Find the lowest and the highest, do the same for
> groups and if you change to the 'ad' backend and set the range based on
> your lowest and highest numbers (remembering you will probably want to
> add new users, so add something to the highest number), you should get
> the same IDs you had on the PDC. You will have to remove the users
> from /etc/passwd though.
> The ranges on the wiki were chosen for:
> the '*' range starts at 2000 so that it allows for any local Unix users
> & groups you may require, it ends at 9999.
> The 'DOMAIN' range starts at 10000, this is where ADUC starts from, you
> can end it where you like.
> The whole idea behind AD is having just one place to maintain users,
> so you do not and should not have users in multiple databases.

I was bold now.
rm-ed users from memberserver:/etc/passwd

stopped samba services, edited backend to "ad", restarted

seems to work for me ;-)

same to do on DC, I assume (we run 3 administrative shares there as well)

More information about the samba mailing list