[Samba] idmap ad question
Rowland Penny
rpenny at samba.org
Mon Feb 13 17:17:01 UTC 2023
On 13/02/2023 16:50, Vaughan, Robert J via samba wrote:
> On 12/02/2023 16:40, Vaughan, Robert J via samba wrote:
>> Hi all
>>
>> In the idmap_config_ad wiki, it states ..
>>
>> If you use the winbind 'ad' backend, you must add a gidNumber attribute to the Domain Users group in AD.
>>
>> Can someone explain this?
>>
>
>>> Yes
>
>>> Every users primaryGroupID attribute is set to 513, the RID for Domain
>>> Users. Unless Domain Users has a gidNumber attribute, then no users are
>>> shown by getent passwd & id via winbind.
>
>>> Rowland
>
> Ok, so I went and added a gidNumber to 'Domain Users'
>
> and 'id' does show that number next to 'domain users' as one of my groups
>
> But 'getent passwd' still only returns local users, no AD users
>
> 'wbinfo -u' does return the list of AD users (but not unix local users)
>
>
> Thanks,
>
> Robert Vaughan
>
OK, I think you need to post your smb.conf
Rowland
----------------------------------------------------------------------
This is an e-mail from Rowland Penny. I do not care who reads it and it
contains no confidential or privileged information. Everyone may read,
print, store, copy, forward or act in reliance on it or its attachments.
If you are not the intended recipient, please do what you like with
this message. Your cooperation is appreciated.
More information about the samba
mailing list