[Samba] Client machine not fetching user accounts from AD domain
Rowland penny
rpenny at samba.org
Mon Dec 14 20:38:26 UTC 2020
On 14/12/2020 20:14, Z Z wrote:
> Greetings Rowland.
>
> I'm a bit confused because I have another Debian server, joined pretty
> much the same way (having single local user with matching name) but
> this time, on this computer the AD record is honored first (*id peter*
> provides ALL the records from the AD, even though there's local one
> with local uid):
>
> *cat /etc/passwd:*
> *peter:x:905:905::/home/peter:*
>
> Almost all of my domain members are CentOS machines, that's why I'm
> not very familiar with Debian.
> And yes, since I'm using the 'ad' backend I've manually added
> uidNumber, gid attributes and they are within the specified range. As
> I mentioned this config works flawlessly on many other machines.
> I'm starting to think that something is wrong with the Debian itself.
> It's a 9.4 version with Samba v 4.5.16
First Debian 9 is old and Samba 4.5.16 is EOL as far as Samba is
concerned, the latest Samba version is 4.13.2. Can I suggest you upgrade
to Debian 10 and then use the samba packages from here:
http://apt.van-belle.nl/
This will get you a fully supported distro and the latest Samba.
Next, stop using local users for anything more than local users, put all
your users and groups into AD (except for one or two users that are also
sudo users, just in case a problem arises with AD, do not put these
users into AD as well), then make your AD users and groups into Unix
users and groups by giving them a uidNumber or gidNumber. Unless you
have a misconfiguration, local users or groups that are also in AD will
always be used before the AD users or groups.
Rowland
More information about the samba
mailing list