[Samba] Samba 4 without winbind

Rowland Penny rpenny at samba.org
Mon Sep 19 17:53:20 UTC 2022

On 19/09/2022 18:17, Shannon Price via samba wrote:
> I've had some progress on this using autorid and rid.  A few issues however.
> My home directory and other folders grant permissions to my NIS UID, but with Winbind, my files are written using the UID that was generated by idmap, so files I write have a different owner or I don't have permission at all to write to existing folders.

Yes, I expected this, which is why I tried to steer you to the 'ad' 
backend where you can set the NIS user ID as the users uidNumber 
attribute (the same goes for groups, but you would the groups NIS ID for 
the groups gidNumber attribute)
> Winbind doesn't recognize all of my group memberships (even for non-nested groups). I can query specific groups via wbinfo and see my name in the group, but when I restrict a share using a flat AD group, it does not give me access. If I share using "Domain Users", this works.

Are these groups in AD ? I ask because winbind will ignore any groups 
that are not in AD and any that are outside the range set in smb.conf

I used '10000-999999' in my examples, so any group ID that is larger 
than '999999' will be ignored. The 'rid' backend idmap ID is calculated 
like this:


So if the groups RID is 11107, this would be

21107 = 11107 + 10000

The same calculation is used for users and 'autorid' works in much the 
same way, but it uses a different calculation using the RID.


More information about the samba mailing list