[Samba] Elements missing in LDAP for some users

Victor Rodriguez vrodriguez at soltecsis.com
Mon Nov 29 14:40:46 UTC 2021


I am migrating an ancient Windows 2003 SBS to Samba using Zentyal
(Ubuntu 20.04.3 LTS + Samba version 4.13.14-Ubuntu from Ubuntu official
repo). Everything seems to be working properly.

After migration I have detected that many users have elements missing in
LDAP, like "uidNumber", "gidNumber", "lastLogon" or "userAccountControl":


ldbsearch --url=ldap://va-dc-001 -b DC=domain,DC=company,DC=local -P -s sub '(&(objectSid=S-1-5-21-***-***-***-1392))'


# record 1
dn: CN=user1,OU=usersOU,DC=domain,DC=company,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: User1
sn: Surname
givenName: User1
displayName: User1 Surname
name: User1 Surname
objectGUID: 1f6563a7-0810-4496-937b-ce8344289ae2
codePage: 0
countryCode: 0
primaryGroupID: 513
objectSid: S-1-5-21-***-***-***-1392
sAMAccountName: user1
sAMAccountType: 805306368
userPrincipalName: user1 at domain.company.local
msDS-SupportedEncryptionTypes: 0
distinguishedName: CN=User1



All users in this domain existed before migrating from Windows 2003. I
have created a new user and it does not have those elements in LDAP.
Some other users do have those elements in LDAP. All of them can log in
to a Windows domain joined computer.

- In this scenario, should they exist for every user? (as they do in
other domains I have migrated/created)

- Should I create them? How?

- Are they created automatically by Samba? When?

Thanks a lot in advance.

