[Samba] Users can't mount shares on a domain member file server

Rowland penny rpenny at samba.org
Wed Dec 16 17:25:49 UTC 2020

On 16/12/2020 17:01, MAS Jean-Louis via samba wrote:
> On 16/12/2020 at 17:17, Rowland penny via samba wrote:
>> You are getting IDs in the 400000 range because that is what you 
>> have set in the '*' domain and as you are getting numbers such as 
>> '400002', then 'jlmas' does not have a uidNumber attribute containing 
>> a number inside the '500-400000' range or Domain Users does not have 
>> a gidNumber attribute containing a number inside the same range, or 
>> to put it another way:
>> Have you manually added uidNumber and gidNumber attributes to your 
>> users & groups in AD?
> Yes. In fact our only source of authentication for Linux and Windows 
> is our AD Samba4.
> We have added all the POSIX account attributes to our users when we 
> created them.
> For example, this is my account directly from our Samba4 AD-DC, my 
> uidNumber and gidNumber are within the "example" domain range we 
> defined in smb.conf

I think I might know what the problem is, but first, you do not need these:

objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson

You have changed the primaryGroupID, why?

Windows expects that every user's primary group is Domain Users and now 
it is whatever '2906' is; this is what I think your problem is. Samba 
also requires Domain Users, though to be honest I am unsure whether it 
requires the name or the numeric ID, but it looks like, whichever it is, 
winbind does not like this.
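
The three checks discussed in this message (uidNumber on the user, gidNumber on Domain Users, primaryGroupID left at Domain Users), as an added Python example that is not part of the original message. The LDIF is constructed, the 500-400000 range is the one quoted above, 513 is the well-known RID of Domain Users, and the function names are hypothetical.

```python
# Added example; the LDIF below is constructed, not the poster's directory data.
SAMPLE_LDIF = """\
dn: CN=jlmas,CN=Users,DC=example,DC=com
objectClass: user
sAMAccountName: jlmas
uidNumber: 10001
primaryGroupID: 2906

dn: CN=nouid,CN=Users,DC=example,DC=com
objectClass: user
sAMAccountName: nouid
primaryGroupID: 513

dn: CN=Domain Users,CN=Users,DC=example,DC=com
objectClass: group
sAMAccountName: Domain Users
"""

def parse_ldif(text):  # plain 'attr: value' LDIF only (no base64, no folded lines)
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                entry.setdefault(key, []).append(value)
        entries.append(entry)
    return entries

def in_range(entry, attr, low, high):
    value = entry.get(attr, [""])[0]
    return value.isdigit() and low <= int(value) <= high

def diagnose(text, low=500, high=400000):
    """Return (account, problem) pairs for the causes named in the thread."""
    findings = []
    for e in parse_ldif(text):
        name = e.get("sAMAccountName", ["?"])[0]
        if "user" in e.get("objectClass", []):
            if not in_range(e, "uidNumber", low, high):
                findings.append((name, "uidNumber missing or outside range"))
            if e.get("primaryGroupID", [""])[0] != "513":  # 513 = Domain Users RID
                findings.append((name, "primaryGroupID is not 513 (Domain Users)"))
        elif name == "Domain Users" and not in_range(e, "gidNumber", low, high):
            findings.append((name, "gidNumber missing or outside range"))
    return findings

if __name__ == "__main__":
    print(*(f"{a}: {p}" for a, p in diagnose(SAMPLE_LDIF)), sep="\n")
```

Feed it the output of an LDAP export of the affected users and the Domain Users group; an empty result means none of the three causes applies.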

