[Samba] Problem with AD & idmap
Rowland Penny
rpenny at samba.org
Wed Mar 2 15:18:33 UTC 2022
On Wed, 2022-03-02 at 15:59 +0100, Lars Schimmer via samba wrote:
>
>
> Yeah, but why? Isn't the rix needed?
There are uidNumber, gidNumber and xidNumber attributes. the xidNumber
attributes are only found and used on a Samba AD DC. I am not really
into 'C' , but it looks to me that the relevant code is run on all
Samba machines, so you get the debug message on a Unix domain member if
the debug level is turned up to high.
>
> > Have you tried running 'net cache flush' ?
>
> yeah, each time I did a change to the smb.conf, I did restart smb,
> winbind and net cache flush.
> Also did reboot several times. The result is always the same.
> With RID backend I get the users, with ad backend not.
Have you actually looked in AD, does Domain Users have a gidNumber
attribute ? Do your users have the primaryGroupID attribute set to
'513' ? Do the relevant users have a uidNumber attribute ?
The fact that the 'rid' idmap backend works, shows that Samba is
working. When you change to the 'ad' backend and it doesn't work,
usually means that there is something wrong with the uidNumber &
gidNumber attributes in AD.
Try running 'testparm -s', this may show errors.
Rowland
More information about the samba
mailing list