[Samba] Unable to get primary group information when using AD authentication with samba-4.10.4

Rowland penny rpenny at samba.org
Thu Mar 12 09:48:38 UTC 2020

On 11/03/2020 23:53, Goto, Ryoichi wrote:
> Hi, Rowland.
> Two days ago I sent the following email:
> So far you have given the answer that day, but this time it has not.
> Would you please reply to my email if you like?
> I used the property / attribute editor on the AD side and set the values ??of gidNumber and uidNumber of the user within the range.
> The "wbinfo -i" command gives the error "unknown user". Is there any other reason why the "ad" backend doesn't work? For example, it
> uses Redhat's samba package.
> Running "wbinfo -i" or "id":
> [root @ ms2 ~] # net ads join -U administrator
> Enter administrator's password:
> Using short domain name-TESTDOM
> Joined 'MS2' to dns domain 'oita-nhs.local'
> [root @ ms2 ~] # wbinfo -i oec0814e
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user oec0814e
> [root @ ms2 ~] # id oec0814e
> id: `oec0814e ': no ??such user
> [root @ ms2 ~] # wbinfo -u
> oec0814e

As far as I am aware, you should be able use any OS Samba packages as a 
Unix domain member, it is just certain OS's that do not provide packages 
that can be used as a DC.

What is worrying is that 'wbinfo -i' doesn't work. 'wbinfo' should go 
direct to AD (via winbind), so is there a firewall blocking any of the 
required ports ? see here: 

Is Selinux or Apparmor running ?

Is sssd installed ?

This should work and when it doesn't, it is usually down to a 
misconfiguration or missing uidNumber or gidNumber attributes. At a 
minimum, any user you wish to be visible on a Unix domain member must 
have a uidNumber and the Domain Users group must be have a gidNumber.

Try running 'net cache flush'


More information about the samba mailing list