[Samba] ADS domain member: winbind fails [SOLVED]

Stefan G. Weichinger lists at xunil.at
Sun Jan 1 16:05:44 UTC 2017

ok, edited etc

all uidNumber now > 10000

except that "root", I was unsure now (?)


# ldbsearch -H /var/lib/samba/private/sam.ldb cn=Domain\ Users | grep
gidNumber: 10001


smb.conf on member:

        idmap config * : backend = tdb
        idmap config * : range = 2000-2999

        idmap config ARBEITSGRUPPE:backend = ad
        idmap config ARBEITSGRUPPE:range = 10000-99999
        idmap config ARBEITSGRUPPE:schema_mode = rfc2307

        username map = /etc/samba/user.map

        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind refresh tickets = Yes


restarted all samba daemons on DC and member server, flushed cache

On DC:

# wbinfo -i sgw

# getent passwd sgw

(good, afaik)

On member server:# wbinfo -i sgw

main samba # getent passwd sgw

- nice, correct??

I even did an additional change and set the gidNumber to 10513 to match
the former gid (in the shared directory the group-id was 10513, now it
is displayed as "domain users" as well).

so now I have:

# getent passwd sgw


Any idea what else might be missing? ;-)


More information about the samba mailing list