[Samba] idmap ad question

Rowland Penny rpenny at samba.org
Sun Feb 12 18:17:33 UTC 2023



On 12/02/2023 16:40, Vaughan, Robert J via samba wrote:
> Hi all
> 
> In the idmap_config_ad wiki, it states ..
> 
> If you use the winbind 'ad' backend, you must add a gidNumber attribute to the Domain Users group in AD.
> 
> Can someone explain this?
> 

Yes

Every users primaryGroupID attribute is set to 513, the RID for Domain 
Users. Unless Domain Users has a gidNumber attribute, then no users are 
shown by getent passwd & id via winbind.

Rowland




More information about the samba mailing list