[Samba] SAMBA using existing users and passwords on Linux

Rowland penny rpenny at samba.org
Mon Jun 22 13:13:43 UTC 2020

On 22/06/2020 14:00, Fernando Gonçalves wrote:
> Good morning Rowland.
> As you may have noticed, I am no expert in deploying SAMBA in an AD 
> domain.
> Could you give me a link with a tutorial that explains in a simple way 
> the procedure for this?

You could start here:


> Just to not leave without a return I executed the following commands:
> # getent group TJSC\users
> #
> Nothing came back.
It shouldn't, not even on a Samba AD DC
> # getent group TJSC users
> users: x: 100:
> This group "users" is local to the linux server (it is in /etc/passwd) 
> and does not exist in the AD domain.

Ah, yes it does, just not where you expect it ;-)

If you examine 'idmap.ldb' on a DC, you should find something like this:

dn: CN=S-1-5-21-1768301897-3342589593-1064908849-513
cn: S-1-5-21-1768301897-3342589593-1064908849-513
objectClass: sidMap
objectSid: S-1-5-21-1768301897-3342589593-1064908849-513
xidNumber: 100
distinguishedName: CN=S-1-5-21-1768301897-3342589593-1064908849-513

The '513' is the RID for Domain Users and the xidNumber maps it to 
the local 'users' group.

> I can then conclude that my intention to use local users of the linux 
> server without having to specify the name of the linux server is not 
> possible, right?

Correct, not possible and definitely not supported on a Samba AD DC (or 
any other Samba domain machine)
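
The mapping described above can be checked against a host's own groups. The following is an added example, not part of the original post and not Samba code: it reads sidMap records in the LDIF form shown above and reports those whose xidNumber equals a local GID. The function names, the second sample record and the sample group file are assumptions constructed for illustration.

```python
import re

# Well-known domain RIDs (last component of a domain SID).
WELL_KNOWN_RIDS = {512: "Domain Admins", 513: "Domain Users", 514: "Domain Guests"}
# First record is the one quoted in the post; the second record and
# SAMPLE_GROUP (/etc/group layout) are constructed for this example.
SAMPLE_IDMAP_LDIF = """\
dn: CN=S-1-5-21-1768301897-3342589593-1064908849-513
cn: S-1-5-21-1768301897-3342589593-1064908849-513
objectClass: sidMap
objectSid: S-1-5-21-1768301897-3342589593-1064908849-513
xidNumber: 100
distinguishedName: CN=S-1-5-21-1768301897-3342589593-1064908849-513

dn: CN=S-1-5-21-1768301897-3342589593-1064908849-1105
objectClass: sidMap
objectSid: S-1-5-21-1768301897-3342589593-1064908849-1105
xidNumber: 3000020
"""
SAMPLE_GROUP = "root:x:0:\nusers:x:100:\n"

def parse_ldif(text):
    """Split LDIF text into one attribute dict per record."""
    blocks = re.split(r"\n\s*\n", text.strip())
    return [dict(l.split(": ", 1) for l in b.splitlines()
                 if ": " in l and not l.startswith("#")) for b in blocks]

def parse_group_file(text):
    """Return {gid: name} from name:passwd:gid:members lines."""
    gids = {}
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(":")]
        if len(parts) >= 3 and parts[2].isdigit():
            gids[int(parts[2])] = parts[0]
    return gids

def sids_on_local_gids(ldif_text, group_text):
    """List (sid, label, xid, local_group) where xidNumber equals a local GID."""
    gids = parse_group_file(group_text)
    hits = []
    for rec in parse_ldif(ldif_text):
        if rec.get("objectClass") != "sidMap" or "xidNumber" not in rec:
            continue
        sid, xid = rec["objectSid"], int(rec["xidNumber"])
        rid = int(sid.rsplit("-", 1)[1])
        if xid in gids:
            hits.append((sid, WELL_KNOWN_RIDS.get(rid, "RID %d" % rid), xid, gids[xid]))
    return hits
```

Calling sids_on_local_gids(SAMPLE_IDMAP_LDIF, SAMPLE_GROUP) returns the Domain Users SID paired with the local 'users' group at 100, which is the overlap described in the reply.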

