[Samba] idmap config ad

Rowland Penny rpenny at samba.org
Thu Jan 31 17:00:47 UTC 2019

On Thu, 31 Jan 2019 11:42:35 -0500
Sonic <sonicsmith at gmail.com> wrote:

> On Mon, Jan 28, 2019 at 9:28 AM Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> > Does Domain Users have a gidNumber attribute containing a number
> > inside the 10000-99999' range ?
> >
> > Do any Active directory groups have such a gidNumber ?
> Hi Rowland,
> Not at this time, I didn't know that had to be assigned first.

Yes it does, if you use the winbind 'ad' backend, you MUST add rfc2307
attributes to users & groups in AD, they are never added automatically.

> However, that brings up another question. There's an application that
> both AD authenticated Samba users and non-AD users need to run where
> both sets of users need to have the same primary group membership. Is
> this possible with Winbind? Or possibly sssd if not?
> Thanks,
> Chris

I think this all depends on what you mean by 'non-AD users'. 

If you are referring to local Unix users and AD users having the same
primary group, then this is never going to work. I think you need to
expand on just what you are trying to do and how.


More information about the samba mailing list