[Samba] Elements missing in LDAP for some users
pgoetz at math.utexas.edu
Mon Nov 29 15:38:21 UTC 2021
In order for this to work, you need to provision your domain with
# samba-tool domain provision --use-rfc2307 --interactive
If you didn't have "--use-rfc2307" we need look no further.
On 11/29/21 08:40, Victor Rodriguez via samba wrote:
> I am migrating an ancient Windows 2003 SBS to Samba using Zentyal
> (Ubuntu 20.04.3 LTS + Samba version 4.13.14-Ubuntu from Ubutu official
> repo). Everything seems to be working properly.
> After migration I have detected that many users have elements missing in
> LDAP, like "uidNumber", "gidNumber", "lastLogon" or "userAccountControl":
> ldbsearch --url=ldap://va-dc-001 -b DC=domain,DC=company,DC=local -P -s
> sub '(&(objectSid=S-1-5-21-***-***-***-1392))'
> # record 1
> dn: CN=user1,OU=usersOU,DC=domain,DC=company,DC=local
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: User1
> sn: Surname
> givenName: User1
> displayName: User1 Surname
> name: User1 Surname
> objectGUID: 1f6563a7-0810-4496-937b-ce8344289ae2
> codePage: 0
> countryCode: 0
> primaryGroupID: 513
> objectSid: S-1-5-21-***-***-***-1392
> sAMAccountName: user1
> sAMAccountType: 805306368
> userPrincipalName: user1 at domain.company.local
> msDS-SupportedEncryptionTypes: 0
> distinguishedName: CN=User1
> All users in this domain existed before migrating from Windows 2003. I
> have created a new user and it does not have those elements in LDAP.
> Some other users do have those elements in LDAP. All of them can log in
> to a Windows domain joined computer.
> - In this scenario, should the exist for every user? (as they do in
> other domains I have migrated/created)
> - Should I create them? How?
> - Are they created automatically by Samba? When?
> Thanks a lot in advance.
More information about the samba