[Samba] Issues post AD migration

Nico Kadel-Garcia nkadel at gmail.com
Sun Apr 15 01:48:57 UTC 2018

On Fri, Apr 13, 2018 at 8:26 AM, Rowland Penny via samba
<samba at lists.samba.org> wrote:
> On Fri, 13 Apr 2018 11:50:55 +0000
> Praveen Ghimire <PGhimire at sundata.com.au> wrote:
>> Hi Rowland,
>> The group was in /etc/group and LDAP. Post the AD migration, the
>> group didn’t show up in AD. We then added the group in AD, will check
>> if it has a gid number. If AD doesn’t have gid, can I remove the
>> group /etc/group and assign it the same gid in AD?
>> The group in question was one of many which had the same issue, hence
>> the question about importing missed groups in AD
> First things first, you cannot have users or groups in /etc/passwd
> or /etc/group and in AD. To be an AD user or group, they must exist
> only in AD.

Well, you *can* have local groups and users that are also in AD.
they're resolved on Linux systems and in CygWin  in the order
specified in /etc/nsswitch.conf. It's precisely how you can list a
local user, with a different local password, to provide shell access
and especially sudo access if the Samba or AD server goes toes up.
They can also be the source of endless confusion if they don't match
uid, gid, group members, home directory, etc., etc., etc. But they can
cause endless confusion, especially if they are inconsistent. It's
generally safest to list them strictly in AD.

More information about the samba mailing list