[Samba] Corruption of winbind cache after converting NT4 to AD domain
Rowland Penny
rpenny at samba.org
Sat Feb 12 08:34:32 UTC 2022

On Sat, 2022-02-12 at 10:36 +0300, Michael Tokarev via samba wrote:
> 12.02.2022 01:01, Patrick Goetz via samba wrote:
> []
> > I just moved from NT4 to Samba AD too. My original plan was to
> > leave the linux machines standalone, but the more I worked with the
> > system the more obvious it became that this was a bad idea for
> > various reasons; e.g. the access permissions on filesystems shared
> > to Windows machines aren't the same if you don't mind the linux
> > workstation to the domain.
>
> "The more obvious it become". This is my "gut feeling" for now, -
> just because else it doesn't actually work due to the $subj. But I'm
> not sure yet if it is just wrong assumption in winbind a bug due to
> this wrong assumption, or it is actually _required_ to have no unix
> users with the same name/uid as in AD. So far I tend to see it more
> like a bug than actual architectural requirement. Maybe difficult to
> fix bug but still a bug.

It is not a bug, you just do not have users in /etc/passwd and AD, you
just have them in AD.

>
> > So, what I'm currently doing on the linux machines:
> >
> > 1. Remove local linux accounts which match AD accounts.

I would go further, any users with an ID > 1000 that are not in AD
should be moved to AD.

Rowland
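
The two checks suggested in the message above (local accounts that duplicate AD accounts, and local-only accounts with an ID > 1000), as an added example that is not part of the original message or of Samba: it compares `/etc/passwd` content with `wbinfo -u` output. The sample data, the `EXAMPLE` domain, the function names and the case-insensitive name comparison are assumptions.

```python
# Constructed sample of /etc/passwd content (not from the thread).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
Bob:x:1002:1002:Bob:/home/bob:/bin/bash
carol:x:1003:1003:Carol:/home/carol:/bin/bash
svc:x:1000:1000:Service:/home/svc:/bin/bash
+::::::
"""
# Constructed sample of `wbinfo -u` output; EXAMPLE is a placeholder domain.
SAMPLE_AD_USERS = "EXAMPLE\\administrator\nEXAMPLE\\alice\nEXAMPLE\\bob\n"


def parse_passwd(text):
    """Return {name: uid} for each well-formed passwd line."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or not fields[2].isdecimal():
            continue  # blank, comment, NIS compat or malformed entry
        accounts[fields[0]] = int(fields[2])
    return accounts


def parse_ad_users(text, separator="\\"):
    """Return lower-cased AD account names with any DOMAIN prefix removed."""
    return {line.strip().rsplit(separator, 1)[-1].lower()
            for line in text.splitlines() if line.strip()}


def audit(passwd_text, ad_text):
    """Return (local names duplicated in AD, local-only names with ID > 1000)."""
    local = parse_passwd(passwd_text)
    ad = parse_ad_users(ad_text)
    # Assumption: names are compared case-insensitively.
    duplicates = sorted(n for n in local if n.lower() in ad)
    local_only = sorted(n for n, uid in local.items()
                        if uid > 1000 and n.lower() not in ad)
    return duplicates, local_only


if __name__ == "__main__":
    dup, move = audit(SAMPLE_PASSWD, SAMPLE_AD_USERS)
    print("local accounts that also exist in AD:", dup)
    print("local-only accounts with ID > 1000:", move)
```

On a real machine the two inputs would be the contents of `/etc/passwd` and the output of `wbinfo -u`; system accounts with a high ID, such as `nobody`, will appear in the second list and need reviewing by hand.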