[Samba] Elements missing in LDAP for some users
Victor Rodriguez
vrodriguez at soltecsis.com
Mon Nov 29 14:40:46 UTC 2021
Hello,
I am migrating an ancient Windows 2003 SBS to Samba using Zentyal
(Ubuntu 20.04.3 LTS + Samba version 4.13.14-Ubuntu from Ubutu official
repo). Everything seems to be working properly.
After migration I have detected that many users have elements missing in
LDAP, like "uidNumber", "gidNumber", "lastLogon" or "userAccountControl":
---
ldbsearch --url=ldap://va-dc-001 -b DC=domain,DC=company,DC=local -P -s
sub '(&(objectSid=S-1-5-21-***-***-***-1392))'
[...]
# record 1
dn: CN=user1,OU=usersOU,DC=domain,DC=company,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: User1
sn: Surname
givenName: User1
displayName: User1 Surname
name: User1 Surname
objectGUID: 1f6563a7-0810-4496-937b-ce8344289ae2
codePage: 0
countryCode: 0
primaryGroupID: 513
objectSid: S-1-5-21-***-***-***-1392
sAMAccountName: user1
sAMAccountType: 805306368
userPrincipalName: user1 at domain.company.local
objectCategory:
CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=company,DC=local
msDS-SupportedEncryptionTypes: 0
distinguishedName: CN=User1
Surname,OU=VAlameda,DC=domain,DC=company,DC=local
[...]
---
All users in this domain existed before migrating from Windows 2003. I
have created a new user and it does not have those elements in LDAP.
Some other users do have those elements in LDAP. All of them can log in
to a Windows domain joined computer.
- In this scenario, should the exist for every user? (as they do in
other domains I have migrated/created)
- Should I create them? How?
- Are they created automatically by Samba? When?
Thanks a lot in advance.
Victor.
More information about the samba
mailing list