[Samba] Client machine not fetching user accounts from AD domain

Rowland penny rpenny at samba.org
Mon Dec 14 20:38:26 UTC 2020

On 14/12/2020 20:14, Z Z wrote:
> Greetings Rowland.
> I'm a bit confused because I have another Debian server, joined pretty 
> much the same way (having single local user with matching name) but 
> this time, on this computer the AD record is honored first (*id peter* 
> provides ALL the records from the AD, even though there's local one 
> with local uid):
> *cat /etc/passwd:*
> *peter:x:905:905::/home/peter:*
> Almost all of my domain members are CentOS machines, that's why I'm 
> not very familiar with Debian.
> And yes, since I'm using the 'ad' backend I've manually added 
> uidNumber, gid attributes and they are within the specified range. As 
> I mentioned this config works flawlessly on many other machines.
> I'm starting to think that something is wrong with the Debian itself. 
> It's a 9.4 version with Samba v 4.5.16

First Debian 9 is old and Samba 4.5.16 is EOL as far as Samba is 
concerned, the latest Samba version is 4.13.2. Can I suggest you upgrade 
to Debian 10 and then use the samba packages from here: 

This will get you a fully supported distro and the latest Samba.

Next, stop using local users for anything more than local users, put all 
your users and groups into AD (except for one or two users that are also 
sudo users, just in case a problem arises with AD, do not put these 
users into AD as well), then make your AD users and groups into Unix 
users and groups by giving them a uidNumber or gidNumber. Unless you 
have a misconfiguration, local users or groups that are also in AD will 
always be used before the AD users or groups.


More information about the samba mailing list